Disabling service account tokens

Service account tokens are mounted by default

No service account specified means the default service account's token is mounted

Unwanted Kubernetes API access can lead to privilege escalation

Those pods should not mount a service account token

Demo

Add automountServiceAccountToken: false to pods
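
An audit sketch for the points above, added here as an example and not part of the original demo: it resolves whether a pod ends up with a token mounted, given that the pod-level automountServiceAccountToken overrides the ServiceAccount's and that leaving both unset means the token is mounted. The namespace, pod and service account names are constructed, and the objects are trimmed to the fields that matter (the shape of `kubectl get pods -o json` items).

```python
# Added example: constructed objects, trimmed to the fields that matter.

def token_automounted(pod, service_accounts):
    """True if a service account token would be automounted into the pod."""
    spec = pod.get("spec", {})
    # A pod-level setting takes precedence over the ServiceAccount's.
    if spec.get("automountServiceAccountToken") is not None:
        return spec["automountServiceAccountToken"]
    ns = pod["metadata"].get("namespace", "default")
    # No serviceAccountName means the namespace's "default" account is used.
    sa_name = spec.get("serviceAccountName") or "default"
    sa = service_accounts.get((ns, sa_name), {})
    # Neither object sets the field: the token is mounted.
    return sa.get("automountServiceAccountToken", True) is not False


def pods_with_token(pods, service_accounts):
    """Sorted "namespace/name" of every pod that gets a token mounted."""
    return sorted(
        f'{p["metadata"].get("namespace", "default")}/{p["metadata"]["name"]}'
        for p in pods
        if token_automounted(p, service_accounts)
    )


def pod(name, **spec):
    """Build a constructed pod object in the hypothetical "demo" namespace."""
    return {"metadata": {"name": name, "namespace": "demo"}, "spec": spec}


# Constructed sample data (hypothetical names).
SERVICE_ACCOUNTS = {
    ("demo", "default"): {},
    ("demo", "no-api"): {"automountServiceAccountToken": False},
}
PODS = [
    pod("web"),                                        # nothing specified
    pod("batch", automountServiceAccountToken=False),  # disabled on the pod
    pod("worker", serviceAccountName="no-api"),        # disabled on the account
    pod("operator", serviceAccountName="no-api",
        automountServiceAccountToken=True),            # pod overrides account
]

if __name__ == "__main__":
    for ref in pods_with_token(PODS, SERVICE_ACCOUNTS):
        print("token mounted:", ref)
```
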