Being able to specify a consul token per app

[guilhem]

To be finer with consul ACL, we would like to specify consul token by app.

It may be done with a label consul-token .
for security reasons, this label can be encrypted by public/private key.

I don't know if it's the best things to do or if there is a better solution.

[adamdubiel]

What we plan to do is give marathon-consul token which allows on registering/deregistering any application. If owner of application wants to register/deregister by himself, he gets token for only single app.