[SPIKE] Evaluate setting outboundTrafficPolicy in a namespace
In order to accomplish https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/187 we will eventually need to set the global meshConfig outboundTrafficPolicy to REGISTRY_ONLY. The problem is that this setting applies cluster wide. It would be desirable to establish the viability of an approach where we enable `outboundTrafficPolicy: REGISTRY_ONLY` via the Sidecar configuration in a particular namespace, as a stepping stone towards our ultimate destination.
I would envision that for each package/namespace we would:
- Identify external services that a package/namespace utilizes
- Create a `ServiceEntry` for each external service that is needed by a particular package/namespace
- Set `outboundTrafficPolicy: REGISTRY_ONLY` in the Sidecar configuration
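As an added illustration of the three steps above (example manifests written for this issue, not part of any existing Big Bang package), the namespace `example-ns` and the external host `api.example.com` are assumed placeholders:

```yaml
# Step 1/2: one ServiceEntry per external service the package actually needs.
# exportTo: ["."] keeps the entry visible only inside this namespace, so it
# does not widen the registry for every other namespace in the mesh.
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: external-api           # assumed name
  namespace: example-ns        # assumed namespace
spec:
  hosts:
    - api.example.com          # assumed external host
  location: MESH_EXTERNAL
  resolution: DNS
  exportTo:
    - "."
  ports:
    - number: 443
      name: https
      protocol: TLS
---
# Step 3: namespace-scoped REGISTRY_ONLY. A Sidecar without a workloadSelector
# applies to every workload in the namespace (Istio permits only one such
# Sidecar per namespace), so the global meshConfig can stay ALLOW_ANY while
# this namespace is locked down.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: default
  namespace: example-ns        # assumed namespace
spec:
  outboundTrafficPolicy:
    mode: REGISTRY_ONLY
```

After applying these, a pod in `example-ns` should still reach `api.example.com`, while a request to any host not covered by a `ServiceEntry` is sent to Istio's BlackHoleCluster and fails, which is the quickest check that the per-namespace policy took effect.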
Outstanding questions to answer:
- Does this meaningfully move us towards our eventual stated goal in https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/187 which includes setting the meshConfig to REGISTRY_ONLY and routing traffic out of an egressgateway?
- Is the approach technically feasible to do piecemeal? I would imagine working a ticket per package.
Edited by Rob Ferguson