Update `restrict-host-path-mount-pv` kyverno policy to `enforce`

https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/1693 added a new policy to disallow PVs using hostpaths. We initially turned this to audit mode due to the complication of "local path" storage classes.

This issue should be closed when the policy is moved to enforce mode (this change should be set at the Big Bang level).

In an ideal world we could have BB dynamically disable the policy when using a local path storage class, although this may not be feasible. If we make use of helm-lookup we can get the contents of the default storage class, but it doesn't seem like there is much we can do to truly check if it is a local path storage class. If you are interested in this path, the ticket can include a brief investigation (definitely less than 1 weight) before switching to enforcing.

We should add a note to the release notes for 1.37.0 (or whenever this is merged) as well to announce this change.