In Service Account design document, the securityContext is included in ServiceAccount struct,
But I saw that ServiceAccount struct doesn't include securityContext in the lastest code, is there any background for this change?

Without the namespace level securityContext, if I want to forbidden all pods in cluster to run as root user by default, how to handle then?

https://github.com/kubernetes/kubernetes/blob/master/docs/design/service_accounts.md
https://github.com/kubernetes/kubernetes/blob/master/pkg/api/types.go#L1575