HashiCorp Vault's GCP authentication method can be bypassed on
gce type roles that do not specify bound_service_accounts. Vault
does not enforce that the compute_engine data in a signed JWT token
has any relationship to the service account that created the token.
This makes it possible to impersonate arbitrary GCE instances, by
creating a JWT token with a faked compute_engine struct, using an
arbitrary attacker controlled service account.
