hashicorp / vault-plugin-auth-kubernetes

Vault authentication plugin for Kubernetes Service Accounts
https://www.vaultproject.io/docs/auth/kubernetes.html
Mozilla Public License 2.0

Fix error code when using the wrong service account #144

Closed tomhjp closed 2 years ago

tomhjp commented 2 years ago

Previously, using a service account with the wrong name or from the wrong namespace gave:

Error making API request.

URL: PUT http://127.0.0.1:38200/v1/auth/kubernetes/login
Code: 500. Errors:

* service account name not authorized

Obviously, internal server error isn't the correct error code, so this PR updates that to be a 403:

Error making API request.

URL: PUT http://127.0.0.1:38200/v1/auth/kubernetes/login
Code: 403. Errors:

* service account name not authorized

I wanted to be able to test it for real with the plugin actually registered with Vault, and we don't really have much test infrastructure set up to help with that, so I made some automated integration tests that:

There's not much to the integration tests themselves yet, but it should make validating features against multiple Kubernetes versions much easier in future.

Finally, there's also some cleanup fixing docs/links and removing some now unused bits.

If we're happy to move forward with this, I'll remove the current CircleCI config too, as it's now covered in the GH actions workflow.
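The status-code distinction described in this PR, as an added example that is not code from the PR or the plugin: a service account rejected by the role's bindings is the caller's fault (403), while a failure inside the server stays a 500. The names `errNotAuthorized`, `role`, `authorize` and `statusFor`, the "namespace not authorized" message, and the sample role are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// errNotAuthorized (hypothetical name) marks failures caused by the caller's identity.
var errNotAuthorized = errors.New("not authorized")

type role struct{ names, namespaces []string } // simplified, hypothetical stand-in for an auth role

func contains(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}

// authorize checks an already-validated service account identity against the role.
func (r role) authorize(name, namespace string) error {
	if !contains(r.names, name) {
		return fmt.Errorf("service account name %w", errNotAuthorized)
	}
	if !contains(r.namespaces, namespace) {
		return fmt.Errorf("namespace %w", errNotAuthorized)
	}
	return nil
}

// statusFor maps a login error to the HTTP status the client sees.
func statusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, errNotAuthorized):
		return http.StatusForbidden // caller's fault: 403
	default:
		return http.StatusInternalServerError // server's fault: 500
	}
}

func main() {
	r := role{names: []string{"app"}, namespaces: []string{"prod"}} // constructed sample role
	internal := errors.New("token review request failed")           // constructed server-side fault
	fmt.Println(statusFor(r.authorize("app", "prod")), statusFor(r.authorize("other", "prod")), statusFor(internal))
}
```

Keeping authorization denials out of the 5xx range also means alerting on 500s tracks real server faults, while repeated 403s on the login path can be monitored separately.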

tomhjp commented 2 years ago

Agreed on the backport 👍 Last thing to do before merging is just to sort out the CircleCI builds.