UNCLASSIFIED - NO CUI

Evaluate/Update Neuvector NetworkPolicies

Neuvector currently ships with a batch of network policies. These policies should be evaluated to ensure that all of them work and are still applicable. Particular things to look out for:

  • Proper namespaces on policies
  • Ingress restricted to Istio + Monitoring only (typically this is all that is needed)
  • Egress for istiod, traces (to Tempo), DNS, and (sometimes) HTTPS access for contacting external services
  • In-namespace access
  • Ensure the AWS metadata endpoint is blocked, unless required for some package functionality
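
One way to run this checklist mechanically, as an added example that is not part of the issue or the Neuvector package: a small Python checker over NetworkPolicy manifests loaded as dicts. It assumes the allowed ingress namespaces are named istio-system and monitoring and that namespaces are matched by the kubernetes.io/metadata.name label; the two sample policies are constructed.

```python
# Assumed names of the namespaces allowed as ingress sources; adjust per cluster.
ALLOWED_INGRESS_NAMESPACES = {"istio-system", "monitoring"}
AWS_METADATA_CIDR = "169.254.169.254/32"  # EC2 instance metadata service
NS_LABEL = "kubernetes.io/metadata.name"  # label Kubernetes sets on every namespace


def evaluate_policy(policy: dict) -> list:
    """Return findings for one NetworkPolicy; an empty list means every check passed."""
    findings = []
    if not policy.get("metadata", {}).get("namespace"):
        findings.append("metadata.namespace is missing")
    spec = policy.get("spec", {})
    # Ingress: only Istio, monitoring, or pods in the same namespace may connect.
    for rule in spec.get("ingress", []):
        for peer in rule.get("from", []):
            if "ipBlock" in peer:
                findings.append(f"ingress allowed from CIDR {peer['ipBlock'].get('cidr')}")
            elif "namespaceSelector" in peer:
                ns = peer["namespaceSelector"].get("matchLabels", {}).get(NS_LABEL)
                if ns not in ALLOWED_INGRESS_NAMESPACES:
                    findings.append(f"ingress allowed from namespace {ns!r}")
            # a bare podSelector is in-namespace traffic, which is expected
    # Egress: a rule open to 0.0.0.0/0 must carve out the metadata endpoint.
    for rule in spec.get("egress", []):
        for peer in rule.get("to", []):
            block = peer.get("ipBlock", {})
            if block.get("cidr") == "0.0.0.0/0" and AWS_METADATA_CIDR not in block.get("except", []):
                findings.append("egress to 0.0.0.0/0 does not except the AWS metadata endpoint")
    return findings


# Constructed sample manifests (not from the Neuvector package): weak form and corrected form.
WEAK_POLICY = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "neuvector-egress"},  # namespace not set
    "spec": {"podSelector": {}, "policyTypes": ["Egress"],
             "egress": [{"to": [{"ipBlock": {"cidr": "0.0.0.0/0"}}], "ports": [{"port": 443}]}]},
}
HARDENED_POLICY = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "neuvector-egress", "namespace": "neuvector"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"],
             "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {NS_LABEL: "istio-system"}}},
                                   {"namespaceSelector": {"matchLabels": {NS_LABEL: "monitoring"}}},
                                   {"podSelector": {}}]}],
             "egress": [{"to": [{"ipBlock": {"cidr": "0.0.0.0/0", "except": [AWS_METADATA_CIDR]}}],
                         "ports": [{"port": 443}]}]},
}
```

Running `evaluate_policy` over the package's rendered manifests (for example the output of `helm template`, parsed to dicts) gives a quick pass/fail per policy before the CI gate in the acceptance criteria is turned on.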

Acceptance criteria:

  • Network policies updated as necessary
  • Network policies enabled by default in package CI
  • Network policies enabled by default in BB, with "global" network policy value passing through
Edited by Micah Nagel