Add k3d load balancer exception to dev/ci values for gatekeeper
In the dev-k3d-values.yaml and the CI values.yaml, add a k3d load balancer exception for the gatekeeper constraints named below. Use `excludedResources` and add `istio-system/lb-port-.*` or `istio-system/svclb-*`. This should only be in the dev and CI values, not in the default values.
Although our CI doesn't currently use K3D's internal load balancer, we may choose to do so in the future.
Testing:
Create an ingress gateway in big bang with the following:
```yaml
istio:
  ingressGateways:
    public-ingressgateway:
      type: "LoadBalancer"
      kubernetesResourceSpec:
        serviceAnnotations:
          service.beta.kubernetes.io/aws-load-balancer-type: nlb
          service.beta.kubernetes.io/aws-load-balancer-internal: "true"
```
This will create the service load balancer pods in the istio-system namespace. Then validate that OPA Gatekeeper is not flagging them as violations when you use the k3d-dev-values.yaml or the CI values.yaml.
The following constraints should have the excludedResources:
- Read-only root filesystem
- Required labels
- Allowed repositories
- Seccomp profile
- Privilege escalation
- Resource ratio
- Resource limits
- Allowed users
- Capabilities
- Image digests
- Host networking ports
- Deny default service account
- Required probes
This is a temporary measure to allow OPA Gatekeeper enforcement in Big Bang. Long term, K3D should be hardened. See &140
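As an added check that is not part of this issue or the Big Bang chart, the script below walks a constructed dev values fragment, verifies that every constraint in the list above carries one of the k3d load balancer exclusion patterns, and confirms the pattern matches the `svclb-` pod names k3d creates in istio-system while leaving other pods covered. The `gatekeeper.values.violations.<name>.parameters.excludedResources` layout and the constraint key names are assumptions for illustration, as is anchoring the regex at the start of `namespace/name`.

```python
import re

# The two exclusion patterns from the issue.
K3D_LB_EXCLUSIONS = ["istio-system/lb-port-.*", "istio-system/svclb-.*"]

# Assumed (illustrative) keys for the thirteen constraints listed above.
REQUIRED_CONSTRAINTS = [
    "readOnlyRootFilesystem", "requiredLabels", "allowedDockerRegistries",
    "seccompProfile", "privilegeEscalation", "resourceRatio", "resourceLimits",
    "allowedUsers", "capabilities", "imageDigest", "hostNetworkingPorts",
    "denyDefaultServiceAccount", "requiredProbes",
]

# Constructed dev values fragment (not the real dev-k3d-values.yaml); the
# values path gatekeeper.values.violations.<name>.parameters is assumed.
DEV_VALUES = {"gatekeeper": {"values": {"violations": {
    name: {"parameters": {"excludedResources": list(K3D_LB_EXCLUSIONS)}}
    for name in REQUIRED_CONSTRAINTS
}}}}
# Deliberately leave one constraint without the exception so the check fires.
DEV_VALUES["gatekeeper"]["values"]["violations"]["requiredProbes"] = {"parameters": {}}


def missing_exceptions(values, required=REQUIRED_CONSTRAINTS, patterns=K3D_LB_EXCLUSIONS):
    """Return the constraint names that lack every k3d LB exclusion pattern."""
    violations = values.get("gatekeeper", {}).get("values", {}).get("violations", {})
    missing = []
    for name in required:
        excluded = violations.get(name, {}).get("parameters", {}).get("excludedResources", [])
        if not any(pattern in excluded for pattern in patterns):
            missing.append(name)
    return missing


def is_excluded(namespace, pod_name, patterns=K3D_LB_EXCLUSIONS):
    """Assumed matching convention: each pattern is a regex tried against
    'namespace/name' from the start, so only istio-system svclb/lb-port pods
    are exempt and everything else stays under enforcement."""
    target = f"{namespace}/{pod_name}"
    return any(re.match(pattern, target) for pattern in patterns)
```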