Space Host identity workflow is described

[jtuttle]

Depends on https://github.com/cyberark/conjur-service-broker/issues/103 Depends on https://github.com/cyberark/conjur-service-broker/issues/104

Once it's possible to configure the service broker to use space-level Host identities (per the linked issues above) we should update the documentation to describe how to use this workflow. This will essentially boil down to:

1. Set ENABLE_SPACE_IDENTITY=true when deploying the Conjur service broker.
2. Pass the identity: space param when binding an app to the Conjur service

[izgeri]

We also need to:

• [ ] Describe the upgrade requirements (if there are any special ones)
• [ ] Describe what the process is if you need to rotate a host API key that is being used by a PCF host. Roughly it seems to be:
  • Rotate API key
  • Update API key stored in policy in the space policy branch
  • Rebind all apps to Conjur. This can be done with blue/green deploys - redeploy new "versions" of all apps to force new binds / receive new credentials, and reroute system to new versions of apps (if this is not done and an app restarts, it will be unable to retrieve secrets from Conjur)
• [ ] Update the screenshot of the tile config, since it will have a new configuration option