also changed from setting the project name in the instance labels to a
instance tag aka network tag, as the setup for allowing traffic in the FW
is bassed on tag not label
in the upstream vmpooler code, we use the global domain parameter, so naming that parameter
the same in GCE. This parameter can be optionally set in the provider config, and
overwrites the global parameter. It is used to infer the FQDN as .
we setup DNS when a VM is created and tear it down when a VM is deleted
the DNS zone should exist already and is referenced by a provider setting
the dns zone is also set in order to use it for vm_ready? instead of the global
domain
instances have a label that identifies which project they belong to, so
it can be used for FW rules
This method gets the user name based on the token:user metadata in redis,
cleans it up to be safe for a label name (lowercase, numbers and dash or underscore only),
and update the existing instance labels adding a new one called token-user
before thhis change the allow list would only support checking the 'pool' label value
we can now specify a different label name by using the format labename=value where
the equal sign '=' is considered the separator
