Ensure testing credentials are labeled as such

Kubernetes-commit: 9d3670f3586c98c02cdca93b7c98dd91fc0b87bd

pkg/server/options/encryptionconfig/testdata/valid-configs/aes/README.md

@@ -0,0 +1 @@
+Keys and secrets in this directory are generated for testing purposes only.

pkg/server/options/testdata/README.md

@@ -0,0 +1 @@
+Keys in this directory are generated for testing purposes only.

plugin/pkg/authenticator/token/oidc/oidc_test.go

@@ -1546,7 +1546,7 @@ func TestToken(t *testing.T) {
 
 func TestUnmarshalClaimError(t *testing.T) {
 	// Ensure error strings returned by unmarshaling claims don't include the claim.
-	const token = "96bb299a-02e9-11e8-8673-54ee7553240e"
+	const token = "96bb299a-02e9-11e8-8673-54ee7553240e" // Fake token for testing.
 	payload := fmt.Sprintf(`{
 		"token": "%s"
 	}`, token)

plugin/pkg/authenticator/token/webhook/webhook_v1_test.go

@@ -479,7 +479,7 @@ func TestV1WebhookTokenAuthenticator(t *testing.T) {
 			expectedAuthenticated: false,
 		},
 	}
-	token := "my-s3cr3t-t0ken"
+	token := "my-s3cr3t-t0ken" // Fake token for testing.
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
 			wh, err := newV1TokenAuthenticator(s.URL, clientCert, clientKey, caCert, 0, tt.implicitAuds)

plugin/pkg/authenticator/token/webhook/webhook_v1beta1_test.go

@@ -481,7 +481,7 @@ func TestV1beta1WebhookTokenAuthenticator(t *testing.T) {
 			expectedAuthenticated: false,
 		},
 	}
-	token := "my-s3cr3t-t0ken"
+	token := "my-s3cr3t-t0ken" // Fake token for testing.
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
 			wh, err := newV1beta1TokenAuthenticator(s.URL, clientCert, clientKey, caCert, 0, tt.implicitAuds)