This repository has been archived by the owner on Mar 5, 2024. It is now read-only.

Namespace whitelist annotation is too permissive #328

Closed
leosunmo opened this issue Nov 14, 2019 · 0 comments · Fixed by #329

Comments

@leosunmo
Contributor

I came across this while writing tests for #327.

The default regex at https://github.com/uswitch/kiam/blob/master/pkg/server/policy.go#L164 is far too permissive.

Unless I am missing something, I am able to make it match with most things as long as that character appears once in the role string. For example:
https://goplay.space/#w4k3fBwrXVJ

Playing around here https://regex101.com/r/a2eGqY/1/ you can see that we'd have to detect if the string has any regex characters and, if it doesn't, add something like ^i$ to make it not match a single character in the role.

Not sure if there's a nicer way around the regex issue or if it requires some string analysing to figure out how to construct the regex query.
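
An added Go example (not part of the issue, not kiam's code and not the fix merged in #329) that contrasts the unanchored match reported above with the literal-aware anchoring the comment proposes. The function names, annotation values and role names are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// matchUnanchored: the annotation value is compiled as a regex and accepted
// if it matches anywhere in the role name (the behaviour the issue reports).
func matchUnanchored(pattern, role string) (bool, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false, err
	}
	return re.MatchString(role), nil
}

// matchSuggested: the issue's idea. A value with no regex metacharacters is
// treated as a literal and wrapped in ^...$; anything else is used as written.
func matchSuggested(pattern, role string) (bool, error) {
	if regexp.QuoteMeta(pattern) == pattern {
		pattern = "^" + pattern + "$"
	}
	return matchUnanchored(pattern, role)
}

func main() {
	// Constructed annotation values and role names, not taken from kiam.
	cases := []struct{ pattern, role string }{
		{"i", "admin-role"},
		{"reader", "cluster-reader-admin"},
		{"reader", "reader"},
		{"app-.*", "app-reader"},
	}
	for _, c := range cases {
		before, _ := matchUnanchored(c.pattern, c.role)
		after, _ := matchSuggested(c.pattern, c.role)
		fmt.Printf("pattern=%-8q role=%-24q unanchored=%-5v suggested=%v\n",
			c.pattern, c.role, before, after)
	}
}
```

Under this approach a value that does contain metacharacters, such as `app-.*`, is still matched unanchored, so whoever writes the annotation has to supply `^` and `$` for those patterns.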
