`jwt-authz` auth policy doesn't specify an `action` so it defaults to being `ALLOW`

Bug

Description

While testing a monitoring renovate with SSO enabled, I noticed that Grafana dashboards had an "RBAC: permission denied" pop-up.

After some troubleshooting, I believe it is because the jwt-authz authorization policy doesn't list an action. Per the documentation, the default action is ALLOW. As a result, I believe this turns on the default deny behavior I am observing.

BigBang Version

What version of BigBang were you running?

I'm running this umbrella chart big-bang/bigbang!4667 (merged) as I originally thought it would solve the problem.

These are the overrides I'm supplying:

---
istio:
  enabled: true
istioOperator:
  enabled: true
monitoring:
  enabled: true
  git:
    tag: null
    branch: "renovate/ironbank"
  sso:
    enabled: true
    prometheus:
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus
    alertmanager:
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager
grafana:
  sso:
    enabled: true
    grafana:
      client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-grafana
      scopes: "openid Grafana"
jaeger:
  enabled: true
  sso:
    enabled: true
    client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
kiali:
  enabled: true
  sso:
    enabled: true
    client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
addons:
  authservice:
    enabled: true

For completeness, I also use the ./docs/assets/configs/example/policy-overrides-k3d.yaml and ./chart/ingress-certs.yaml files as well.