Support specifying podSelectors for istio gateway policy

Similar to #21 (closed), currently bb-common generates a single network policy targeting podSelector: {}.

We need to add support for more granular podSelectors. Part of this would involve adjusting the current structure of the values to alloy for multiple istio ingress gateway allow policies to be generated.

Most likely that would mean moving from:

    dynamic:
      enabled: true
      ingressGatewayPorts:
      - port: 20001
        protocol: TCP

to:

    dynamic:
      enabled: true
      ingress:
          ports:
            - port: 20001
              protocol: TCP

This would also support specifying selectors (and multiple policies):

    dynamic:
      enabled: true
      ingress:
        - selector:
            app: sidekiq
          ports:
            - port: 8080
              protocol: TCP
        - selector:
            app: gitlab-pages
          ports:
            - port: 8090
              protocol: TCP