UNCLASSIFIED - NO CUI

Separate Anchore network policies

  • policy for feeds: egress only, podSelector on the pod that does the feed sync (may need enterprise conditionals too, since the edition determines which pod needs that access)
  • policy for external DB: conditional on the internal DB being disabled, podSelector for only the pod that needs DB access
  • policy for external Redis: conditional on the internal Redis being disabled, enterprise enabled and enterprise UI enabled; podSelector for only the pod that needs Redis access
  • policy for SSO: conditional on SSO enabled, enterprise enabled and UI enabled; podSelector for only the pod that needs SSO access
  • policy for image pulls/analysis: may just need unrestricted egress, since the registries to pull from are not known in advance

Some of these overlap on the podSelector, so it could collapse to one or two policies (one unconditional policy allowing API egress, since feeds are always needed, and one for the UI with the conditionals).
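As an added worked example (not the chart's own template and not part of this ticket): one Helm template file that renders the policies above with the conditionals the list describes. Every value key it reads (.Values.networkPolicies.*, .Values.postgresql.enabled, .Values.uiRedis.enabled, .Values.sso.enabled, .Values.anchoreEnterpriseGlobal.enabled, .Values.anchoreEnterpriseUi.enabled) and every pod label it selects on is an assumption and has to be mapped to the chart's real names; the keys are assumed to exist in values.yaml so the nil checks do not fire.

```yaml
{{- /* Added example, not the chart's own template. Every .Values key and every
       pod label below is an assumption; rename them to match the chart. */ -}}
{{- define "anchore.np.dnsEgress" -}}
# A pod under an Egress policy loses DNS unless a rule allows it explicitly.
- to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
  ports:
    - {protocol: UDP, port: 53}
    - {protocol: TCP, port: 53}
{{- end }}
{{- if .Values.networkPolicies.enabled }}
{{- $app := printf "%s-anchore-engine" .Release.Name }}
--- # Feeds: always rendered, but the syncing pod depends on the edition (assumed labels)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ $app }}-feeds-egress
spec:
  podSelector:
    matchLabels:
      app: {{ $app }}
      {{- if .Values.anchoreEnterpriseGlobal.enabled }}
      component: enterprise-feeds
      {{- else }}
      component: policy
      {{- end }}
  policyTypes: [Egress]
  egress:
    {{- include "anchore.np.dnsEgress" . | nindent 4 }}
    # HTTPS to the Internet only: RFC 1918 is excluded so the feeds pod cannot pivot inward.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except: [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16]
      ports:
        - {protocol: TCP, port: 443}
{{- if not .Values.postgresql.enabled }}
--- # External DB: rendered only when the bundled PostgreSQL is disabled
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ $app }}-external-db-egress
spec:
  podSelector:
    matchLabels:
      app: {{ $app }}
      anchore.example/db-client: "true"  # assumed label on the pods that open DB connections
  policyTypes: [Egress]
  egress:
    {{- include "anchore.np.dnsEgress" . | nindent 4 }}
    - to:
        - ipBlock:
            cidr: {{ required "networkPolicies.externalDb.cidr is required when postgresql.enabled=false" .Values.networkPolicies.externalDb.cidr }}
      ports:
        - protocol: TCP
          port: {{ .Values.networkPolicies.externalDb.port | default 5432 }}
{{- end }}
{{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }}
--- # Enterprise UI: one policy, rules gated individually on external Redis and on SSO
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ $app }}-ui-egress
spec:
  podSelector:
    matchLabels:
      app: {{ $app }}
      component: enterprise-ui
  policyTypes: [Egress]
  egress:
    {{- include "anchore.np.dnsEgress" . | nindent 4 }}
    - to:  # the UI always calls the in-namespace API service (8228 is the API default port)
        - podSelector:
            matchLabels: {app: {{ $app }}, component: api}
      ports:
        - {protocol: TCP, port: 8228}
    {{- if not .Values.uiRedis.enabled }}
    - to:
        - ipBlock:
            cidr: {{ required "networkPolicies.externalRedis.cidr is required" .Values.networkPolicies.externalRedis.cidr }}
      ports:
        - protocol: TCP
          port: {{ .Values.networkPolicies.externalRedis.port | default 6379 }}
    {{- end }}
    {{- if .Values.sso.enabled }}
    - to:
        - ipBlock:
            cidr: {{ required "networkPolicies.sso.cidr is required" .Values.networkPolicies.sso.cidr }}
      ports:
        - {protocol: TCP, port: 443}
    {{- end }}
{{- end }}
{{- end }}
```

Two things the bullet list leaves implicit that matter in practice: NetworkPolicies are additive per pod, so every pod selected by any Egress policy needs the DNS rule (hence the shared `define`), and a pod selected by no policy at all keeps Kubernetes' default allow-all. The analyzer's registry access therefore works with no policy; the moment one of these policies selects the analyzer pods, they need an explicit egress rule or image pulls stop.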

ALSO TO-DO:

  • restrict Istio ingress to only the UI/API ports that are exposed by the VirtualService
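Added example for this to-do (not the chart's own template): an ingress policy per exposed component that admits only the Istio ingress gateway, and only on the port the VirtualService routes to. The component labels, the `$exposed` port map (8228 and 3000 are the Anchore API and enterprise UI defaults), the gateway namespace and the value keys are assumptions.

```yaml
{{- /* Added example, not the chart's own template. Labels, ports and the
       gateway namespace are assumptions; keep $exposed in step with the
       VirtualService so a port that is not routed is never opened. */ -}}
{{- if .Values.networkPolicies.enabled }}
{{- $app := printf "%s-anchore-engine" .Release.Name }}
{{- /* 8228 is the Anchore API default port, 3000 the enterprise UI default */ -}}
{{- $exposed := dict "api" 8228 }}
{{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }}
{{- $_ := set $exposed "enterprise-ui" 3000 }}
{{- end }}
{{- range $component, $port := $exposed }}
--- # {{ $component }}: reachable only from the ingress gateway and sibling Anchore pods, on its routed port
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ $app }}-{{ $component }}-ingress
spec:
  podSelector:
    matchLabels:
      app: {{ $app }}
      component: {{ $component }}
  policyTypes: [Ingress]
  ingress:
    - from:
        # The gateway pods in istio-system (standard istio-ingressgateway label).
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: istio-system
          podSelector:
            matchLabels:
              app: istio-ingressgateway
        # Same-namespace Anchore pods: the UI calls the API over the cluster
        # service, and without this entry the API policy would cut the UI off.
        - podSelector:
            matchLabels:
              app: {{ $app }}
      ports:
        - protocol: TCP
          port: {{ $port }}
{{- end }}
{{- end }}
```

Once a pod is selected by an Ingress policy everything not listed is denied, including other namespaces, so this is the piece that makes the VirtualService the only way in. The policy is enforced by the CNI and is independent of Istio's mTLS and AuthorizationPolicy; keeping both gives two layers that fail separately. The `kubernetes.io/metadata.name` namespace label is set automatically on Kubernetes 1.21 and later; older clusters need the namespace labelled by hand.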
Edited by bhearn