Audit access policy implementation

[alpeb]

Followup to #12845

This expands the policy controller index in the following ways:

• Adds the new Audit variant to the DefaultPolicy enum
• Expands the function that synthesizes the authorizations for a given default policy (DefaultPolicy::default_authzs) so that it also creates an Unauthenticated client auth and a allow-all NetworkMatch for the new Audit default policy.
• Now that a Server can have a default policy different than Deny, when generating InboundServer authorizations (PolicyIndex::client_authzs) make sure to append the default authorizations when DefaultPolicy is Allow or Audit

Also, the admission controller ensures the new accessPolicy field contains a valid value.

Tests

New integration tests added:

• e2e_audit.rs exercising first the audit policy in Server, and then at the namespace level
• in admit_server.rs a new test checks invalid accessPolicy values are rejected.
• in inbound_api.rs server_with_audit_policy verifies the synthesized audit authorization is returned for a Server with accessPolicy=audit

[!NOTE] Please check linkerd/website#1805 for how this is supposed to work from the user's perspective.

[alpeb]

Ready for review again :+1: Note the CI Rust failures are from the tests, which I've addressed separately in #12847