Clients without pool-changing caps shouldn't be allowed to change pool_namespace
The purpose of the 'p' flag in MDS client auth caps is to enable creating clients that cannot set the pool part of the file layout. We created that so that locked-down clients that are meant to be confined to a particular pool cannot create layouts pointing to any other pool.
The purpose of setting a namespace on file layouts is to enable creating clients that have OSD caps limiting them to that particular namespace. When we have clients like that, it doesn't make sense to allow them to modify their file layouts' pool_namespace field to point to a namespace that they don't have permission to write to.
Therefore, we should apply the same restriction on setting pool_namespace that we currently apply to setting pool.