Describe the bug

The TokenReview handler in the k/k code has no knowledge about the cluster, and so the workspace authenticator cannot determine the authn. This makes it so that a TokenReview is always resulting in a HTTP 401 "invalid bearer token".

We should adjust our k/k fork to ensure the target cluster is available in the fakeRequest that the TokenReview handler creates and hands over to the tokenAuthenticator.

Steps To Reproduce

N/A

Expected Behaviour

TokenReviews should work as expected.

Additional Context

No response