The README says it's important the Tang keys are not on the same physical medium when using a container, but that's not really Docker/container-specific, right? If the Tang server and a client are running in virtual machines on the same host and the server is stolen, the data can be unencrypted.
Docker Container
Tang is also available as a Docker Container.
Care should be taken to ensure that, when deploying in a container cluster, that the Tang keys are not stored on the same physical medium that you wish to protect.
IMHO, it is worth remembering in the README.md that the Tang and Clevis client should be pinned to different hosts for security issues. I agree it is not Docker-specific, but it applies to Docker, so it is worth a reminder there.
IMO it would be good to move the "Tang keys must not be stored on the same physical medium that you wish to protect" requirement to https://github.com/latchset/tang/#security-considerations.