Ability to "tunnel" from localhost to service group or port forward to an instance

[nderjung]

Feature request summary

This issue tracks the ability to let the user access the internal network and/or internally exposed ports of application services within a KraftCloud service group.

The purpose of this is to let users a). connect to services which are typically not exposing TLS-based traffic, which KraftCloud only supports and b). debug instances without having to publicly expose the port.

This should manifest itself as a new CLI subcommand:

kraft cloud tunnel <SERVICE|INSTANCE> [PORT[:PORT[/PROTOCOL]

Where then:

• kraft cloud tunnel my-service -- forwards everything, you can do ping on instances in the same service group. Needs some thinking and sounds more complex to do.
• kraft cloud tunnel my-instance 8080 -- forwards port 8080 on localhost to 8080 of the instance my-instance.
• kraft cloud tunnel my-instance 1234:8080 -- accessing localhost:1234 allows accessing 8080 of my-instance.
• kraft cloud tunnel my-instance 1234:8080/udp, same as above, only for UDP.

[craciunoiuc]

to investigate https://github.com/sumup-oss/gocat