SAP-archive / karydia

Kubernetes Security Walnut

Karydia Default Network Policy Security extensions #152

Closed Tobias1501 closed 5 years ago

Tobias1501 commented 5 years ago

Description

Level 1 Network Policy / karydia-default-network-policy added security for the following aspects:

  1. block access to the host network (static AWS)
  2. block access to metadata services (AWS = GCP = Azure and Ali Cloud)
  3. block access to the kube-system namespace by allowing only necessary DNS traffic

We decided to be quite open (blacklist). Please note: In the next "Network Policy" version, the protection of the host network will be implemented using labels and roles. We can't rely on a static or even dynamic IP range and we must use a layer of abstraction.

Checklist

Before submitting this PR, please make sure:
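The three aspects listed in the description, written out as a blacklist-style egress NetworkPolicy. This is an added illustration, not karydia's own manifest; the namespace name, the namespace label, the host-network CIDR and the pod CIDR are assumptions.

```yaml
# Added illustration (not karydia's manifest). Assumed: pod CIDR 10.244.0.0/16,
# host network (AWS VPC) 10.0.0.0/16, namespaces carry the kubernetes.io/metadata.name
# label (set automatically on Kubernetes 1.21+; older clusters need a custom label).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-network-policy-example
  namespace: demo                    # assumed target namespace
spec:
  podSelector: {}                    # applies to every pod in the namespace
  policyTypes:
    - Egress
  egress:
    # 3. kube-system: only DNS (port 53) is reachable
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # in-cluster traffic to every other namespace stays open (blacklist approach)
    - to:
        - namespaceSelector:
            matchExpressions:
              - key: kubernetes.io/metadata.name
                operator: NotIn
                values: [kube-system]
    # 1./2. traffic leaving the cluster is open except for the metadata endpoints
    # and the host network; the pod CIDR is excluded here so this rule cannot be
    # used to reach kube-system pods by IP and bypass the DNS-only rule above.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 169.254.169.254/32   # AWS, GCP and Azure metadata service
              - 100.100.100.200/32   # Alibaba Cloud metadata service
              - 10.0.0.0/16          # assumed host network (AWS VPC CIDR)
              - 10.244.0.0/16        # assumed pod CIDR (in-cluster traffic handled above)
```

Ingress is left unrestricted because policyTypes lists only Egress; an IPv6 cluster would need matching except entries for its own ranges.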

CLAassistant commented 5 years ago

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


Tobias Simolik seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.