Reconcile Neuvector with OPA Gatekeeper / Kyverno
https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/2233 added a number of exceptions for policies (search for neuvector in each of the gatekeeper/kyverno values files).
For each exception:
- Review the exception and pod that the exception is for
- If the exception makes sense, add a comment above the exception documenting the rationale for the exception
- If an exception doesn't make sense or can be fixed by a change to the chart, adjust the chart to resolve the issue and remove the exception
One exception to give special attention to is the bannedImageTags exception (and the gatekeeper version of this). Neuvector scanner pods must run the most up-to-date version in order to have up-to-date CVE lists. We may be able to switch the tag to 5 and still have the same effect without having to use latest.
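The two checks described above (every neuvector exception carries a rationale comment, and the scanner image no longer needs a banned tag once it is pinned to a major version) can be scripted. The block below is an added example for this issue, not Big Bang or NeuVector code: the values snippet is constructed to resemble a policy values file, the key names (violations, bannedImageTags, excludedResources) and the image reference are assumptions about the real layout, and the audit only understands the simple two-space-indented shape shown.

```python
"""Audit neuvector policy exceptions and the bannedImageTags change.

Added example for this issue; not code from the Big Bang repo. The sample
values text and key names below are assumptions, not the real values files.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample values file in the assumed Gatekeeper-style layout.
# The first exception has a rationale comment above it; the second does not.
SAMPLE_VALUES = """\
violations:
  bannedImageTags:
    parameters:
      tags:
        - latest
      excludedResources:
        # neuvector scanner must track the newest CVE database, so the
        # chart ships it with the latest tag; see this issue for pinning to 5
        - neuvector/neuvector-scanner-pod-.*
  noPrivilegedContainers:
    parameters:
      excludedResources:
        - neuvector/neuvector-enforcer-pod-.*
"""

# A policy name is a key indented by exactly two spaces (directly under violations:).
POLICY_RE = re.compile(r"^  ([A-Za-z][\w-]*):\s*$")


@dataclass
class PolicyException:
    line_no: int
    policy: str
    pattern: str
    rationale: Optional[str]  # comment text directly above the list item, if any


def audit_exceptions(values_text: str, needle: str = "neuvector") -> List[PolicyException]:
    """Collect every list item mentioning `needle`, with the comment block above it."""
    found: List[PolicyException] = []
    policy = None
    pending_comments: List[str] = []
    for line_no, raw in enumerate(values_text.splitlines(), start=1):
        stripped = raw.strip()
        if stripped.startswith("#"):
            # Comments accumulate until the next non-comment line consumes them.
            pending_comments.append(stripped.lstrip("#").strip())
            continue
        match = POLICY_RE.match(raw)
        if match:
            policy = match.group(1)
        if stripped.startswith("- ") and needle in stripped.lower():
            rationale = " ".join(pending_comments) or None
            found.append(PolicyException(line_no, policy or "?", stripped[2:].strip(), rationale))
        pending_comments = []  # a blank or non-comment line breaks the association
    return found


def undocumented_exceptions(values_text: str, needle: str = "neuvector") -> List[PolicyException]:
    """Exceptions that still need a rationale comment (or removal via a chart fix)."""
    return [e for e in audit_exceptions(values_text, needle) if e.rationale is None]


def image_tag(ref: str) -> Optional[str]:
    """Tag of an image reference: 'latest' when implicit, None when only a digest pins it."""
    has_digest = "@" in ref
    name = ref.split("@", 1)[0]  # digest contains ':' too, so drop it first
    last_slash, last_colon = name.rfind("/"), name.rfind(":")
    if last_colon > last_slash:  # a ':' before the last '/' is a registry port, not a tag
        return name[last_colon + 1:]
    return None if has_digest else "latest"


def violates_banned_tags(ref: str, banned=("latest",)) -> bool:
    """Mirror of a banned-tag policy: an explicit or implicit banned tag is a violation."""
    return image_tag(ref) in banned


if __name__ == "__main__":
    for exc in undocumented_exceptions(SAMPLE_VALUES):
        print(f"line {exc.line_no}: {exc.policy} excludes {exc.pattern} with no rationale")
    # Constructed image reference; not the Iron Bank path.
    for ref in ("registry.example.com/neuvector/scanner:latest",
                "registry.example.com/neuvector/scanner:5"):
        print(ref, "violates bannedImageTags:", violates_banned_tags(ref))
```

With the scanner pinned to a major-version tag such as 5, the reference passes the banned-tag check, so the excludedResources entry for the scanner pod could be dropped rather than documented.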
Edited by Micah Nagel