SSO CAUSES RBAC ERROR WHEN HARDENING IS DISABLED

When SSO is enabled and istio hardening is not enabled, we get a RBAC: access denied on the tempo home page:

This is because istio-system namespace creates some AuthorizationPolicy kinds to support SSO which prevent tempo from calling itself.

The fix is to install the tempo/chart/templates/bigbang/istio/authorizationPolicies/allow-tempo-ap.yaml AuthorizationPolicy when SSO is enabled