BCDevOps / platform-services

Collection of platform related tools and configurations
Apache License 2.0

Enhance the operator to accept "deny" rules #298

Open stewartshea opened 5 years ago

stewartshea commented 5 years ago

As a developer, I could see some use cases where I would want to create a "permit" rule that is pretty generic and then corresponding "deny" rules for specific use cases. I would like this to be a possibility within the bcgov networksecuritypolicy operator. Currently I believe it implies "allow".

apiVersion: secops.pathfinder.gov.bc.ca/v1alpha1
kind: NetworkSecurityPolicy
metadata:
  name: inter-namespace-comms
spec:
  description: |
    allow the devhub namespace to talk to the VON
    namespace.
  action: Allow
  source:
    - - role=web
  destination:
    - - ext:network=any

mitovskaol commented 5 years ago

Revisited on Oct 4, 2019. Let it stay iced for now.