Add missing `NetworkPolicy` for kube api access

Motivation

istiod needs access to the Kubernetes API to watch for changes to its primary ConfigMap resource. When NetworkPolicy resource are enabled, depending on the CNI implementation, no NetworkPolicy allows this access to occur.

Acceptance Criteria

A NetworkPolicy is added to istiod that allows the istiod pod to communicate with the Kubernetes API server.

Edited May 01, 2025 by Zach Callahan