rancher / rke2-selinux

RKE2 selinux + RPM packaging for selinux
Apache License 2.0

Add rules for Cilium #18

Closed vadorovsky closed 3 years ago

vadorovsky commented 3 years ago

This PR contains the change in rke2 policy necessary to run Cilium on CentOS 7. It also contains a preparatory change which fixes the Vagrantfile and adds a bit of customization to it (installation of rke2, adjustment of resources and optional mainline kernel usage). More details in commit messages.

To sum it up, this change can be tested by the following steps.

Building the policies on the host:

make

Preparing and entering the Vagrant environment:

vagrant up
vagrant provision --provision-with=kernel-mainline
vagrant ssh

Editing the rke2 configuration (/etc/rancher/rke2/config.yaml) and adding the following:

cni: cilium

Running rke2:

systemctl enable --now rke2-server

Checking if Cilium is able to run:

# systemctl enable --now rke2-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rke2-server.service to /usr/lib/systemd/system/rke2-server.service.
# export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
# ./kubectl get pods -A | grep cilium
kube-system   cilium-fd6w7                                     1/1     Running     0          12m
kube-system   cilium-node-init-mtcmk                           1/1     Running     0          12m
kube-system   cilium-operator-596fdcf67-c4r48                  1/1     Running     0          12m
kube-system   cilium-operator-596fdcf67-mlt7p                  0/1     Pending     0          12m
kube-system   helm-install-rke2-cilium-mjktd

Ref: rancher/rke2#1273
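
A scripted form of the final check in the steps above, added here as an example; it is not part of the PR or of the rke2-selinux project. The function names, the sample listing and the requirement that `getenforce` report Enforcing (in permissive mode denials are only logged, so running pods would not show that the policy allows Cilium) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the PR). Function names and sample data are constructed.

# Constructed listing in the format of `kubectl get pods -A`.
SAMPLE='NAMESPACE     NAME                             READY   STATUS      RESTARTS   AGE
kube-system   cilium-aaaaa                     1/1     Running     0          12m
kube-system   cilium-operator-bbbbb            0/1     Pending     0          12m
kube-system   helm-install-rke2-cilium-ccccc   0/1     Completed   0          12m
kube-system   etcd-node1                       1/1     Running     0          12m'

# Reads a pod listing on stdin, prints "<pod> <status> <ready>" for each
# Cilium-related pod that is not healthy, and returns 1 if any was printed.
cilium_unhealthy() {
    awk '
        $2 !~ /cilium/ { next }                        # same selection as grep cilium
        NF < 4 { print $2 " unknown"; bad = 1; next }  # truncated row, no status
        $4 == "Completed" { next }                     # finished job pods
        {
            split($3, r, "/")                          # READY column is ready/total
            if ($4 != "Running" || r[1] != r[2]) {
                print $2 " " $4 " " $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# $1 is the SELinux mode as printed by getenforce; pod listing on stdin.
# Returns 2 when the mode is not Enforcing (assumption: the policy is only
# exercised in enforcing mode), otherwise the result of cilium_unhealthy.
policy_test_ok() {
    if [ "$1" != "Enforcing" ]; then
        echo "SELinux mode is $1; pod status does not exercise the policy" >&2
        return 2
    fi
    cilium_unhealthy
}

# On the test VM (as root):
#   export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
#   ./kubectl get pods -A | policy_test_ok "$(getenforce)"
```

Run against the listing quoted in the PR description, this check would report the Pending cilium-operator replica and the helm-install row that has no status column.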

cjellick commented 3 years ago

Does this PR also automatically fix the issue on other release branches? If so, can you reference those issues here as well?