[FEATURE REQUEST] Allow to disable credential issuance to minions #109

@lkubb

Is your feature request related to a problem? Please describe.
Some users might prefer to not distribute authentication credentials to minions at all, relying on the external pillar module only instead.

This came up in saltstack/salt#67029.

Describe the solution you'd like
Add a switch that causes the master to reject all non-impersonated credential requests.

Describe alternatives you've considered
Blocking access to Vault at the network level (does not prevent the credentials from being leaked in the first place).

Additional context
While I don't see many practical benefits of this approach, not unnecessarily distributing credentials does make sense. It's also very simple to implement.

Note that this switch would not disable the SSH wrapper modules since they run in a similar fashion to pillar rendering.
