SAP-archive / karydia

Kubernetes Security Walnut

Introduce New Network Policy Levels #243

Closed Neumann-Nils closed 4 years ago

Neumann-Nils commented 4 years ago

Description

This PR introduces 3 new network policy levels, which can be described as follows:

  1. karydia-default-network-policy-l1: Block metadata service, access to kube-system namespace and access to the host network.
  2. karydia-default-network-policy-l2: Level 1 security implications and block internet access (egress).
  3. karydia-default-network-policy-l3: Level 2 security implications and block communication between different namespaces.

Each network policy is tested using e2e tests and documented in features.md. The cloud provider in use can be specified in values.yaml, so that only the relevant metadata service IPs are blocked.

Note: This PR also introduces the label kube-system karydia.gardener.cloud/name to the kube-system namespace. This is used to select this namespace in network policy levels 1 and 2. A self-controlled label is preferred over a label controlled by e.g. Gardener (as it makes this feature universally usable).

Resolves #46. Resolves #188.

Checklist

Before submitting this PR, please make sure:
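The following manifest is an added illustration of how the level-1 policy described in this PR maps onto a Kubernetes NetworkPolicy; it is not the chart's own manifest. It assumes the cloud metadata endpoint is 169.254.169.254 (the link-local address used by AWS, GCP and Azure), that the namespace label is `karydia.gardener.cloud/name=kube-system`, that cluster DNS pods carry the common `k8s-app=kube-dns` label (they live in kube-system, so a carve-out is needed or name resolution breaks), and the node and pod CIDRs are constructed placeholders.

```yaml
# Added illustration of the level-1 policy described in the PR; not the
# chart's own manifest. Assumptions: metadata endpoint 169.254.169.254
# (AWS, GCP, Azure), node and pod CIDRs are constructed placeholders,
# namespace label karydia.gardener.cloud/name=kube-system, and cluster
# DNS pods carry the common k8s-app=kube-dns label.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: karydia-default-network-policy-l1
spec:
  podSelector: {}                 # applies to every pod in the namespace
  policyTypes:
  - Egress                        # ingress is left untouched by this policy
  egress:
  # Rule 1: pods in any namespace that is not labelled as kube-system.
  - to:
    - namespaceSelector:
        matchExpressions:
        - key: karydia.gardener.cloud/name
          operator: NotIn
          values: ["kube-system"]
  # Rule 2: cluster DNS must stay reachable even though it runs in kube-system.
  - to:
    - namespaceSelector:
        matchLabels:
          karydia.gardener.cloud/name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # Rule 3: everything outside the cluster (internet is still allowed at
  # level 1) except the metadata service and the host network. The pod CIDR
  # is excluded too so that this rule cannot re-open kube-system pod IPs,
  # since the entries under "to" are OR-ed together.
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 169.254.169.254/32      # cloud metadata service
        - 10.250.0.0/16           # constructed placeholder: node (host) network
        - 100.96.0.0/11           # constructed placeholder: pod network
```

Level 2 is the same policy with rule 3 removed (no external egress at all, which also covers the metadata service and host network), and level 3 additionally narrows rule 1 to `podSelector: {}` with no namespaceSelector, i.e. pods in the same namespace only.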

claassistantio commented 4 years ago

CLA assistant check
All committers have signed the CLA.