✨ Include network policy for all configmap and grpc catalogsources #3568

Status: Open. Wants to merge 1 commit into base: master.

Conversation

joelanford (Member)

Description of the change:

This change updates OLMv0 to generate and reconcile a NetworkPolicy object for each CatalogSource where OLMv0 also manages a catalog pod (i.e. configmap and grpc-based catalog sources).

Related implementation details:

  • Informer events from network policies are handled by the catalog operator, so any deletions or changes are reverted.
  • Each NetworkPolicy gets an owner reference so that it is automatically cleaned up when the catalog source is deleted.
  • Each NetworkPolicy uses a pod selector that specifically targets the catalog pod, so there should be no accidental blocking of traffic of unrelated pods.

Unit tests are updated to ensure that NetworkPolicy objects are handled correctly.

Motivation for the change:

The only necessary communication for catalog source pods is incoming connections on their GRPC ports. By adding NetworkPolicy, we can provide more security to mitigate vulnerabilities and avoid accidental data leaks.

Architectural changes:

None (unless you count managing NetworkPolicy for CatalogSources as an architectural change)

Testing remarks:

Reviewer Checklist

  • Implementation matches the proposed design, or proposal is updated to match implementation
  • Sufficient unit test coverage
  • Sufficient end-to-end test coverage
  • Bug fixes are accompanied by regression test(s)
  • e2e tests and flake fixes are accompanied by evidence of flake testing, e.g. executing the test 100(0) times
  • tech debt/todo is accompanied by issue link(s) in comments in the surrounding code
  • Tests are comprehensible, e.g. Ginkgo DSL is being used appropriately
  • Docs updated or added to /doc
  • Commit messages sensible and descriptive
  • Tests marked as [FLAKE] are truly flaky and have an issue
  • Code is properly formatted
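
The policy shape the description sketches (a pod selector scoped to one catalog pod, ingress allowed only on the gRPC port, an owner reference for garbage collection, and a reconcile loop that reverts drift) written out as an added example. This is an editor's illustration, not code from this PR or from OLM: the Kubernetes API types are replaced by minimal stand-in structs so it runs offline, and the label key `olm.catalogSource`, the `-grpc` name suffix, port 50051 and the `CatalogSource` field layout are assumptions.

```go
package main

import (
	"fmt"
	"reflect"
)

// Minimal stand-ins for the Kubernetes API types used below. They are an
// assumption of this example so that it runs offline; the operator itself
// uses k8s.io/api/networking/v1 and k8s.io/apimachinery/pkg/apis/meta/v1.
type OwnerReference struct {
	APIVersion         string
	Kind               string
	Name               string
	UID                string
	Controller         bool
	BlockOwnerDeletion bool
}

type PolicyPort struct {
	Protocol string
	Port     int32
}

// A Rule with no peers means "from/to any peer". A policy type listed in
// PolicyTypes with zero rules denies all traffic in that direction.
type Rule struct {
	Ports []PolicyPort
}

type NetworkPolicySpec struct {
	PodSelector map[string]string
	PolicyTypes []string
	Ingress     []Rule
	Egress      []Rule
}

type NetworkPolicy struct {
	Name      string
	Namespace string
	OwnerRefs []OwnerReference
	Spec      NetworkPolicySpec
}

// CatalogSource holds only the fields the policy builder needs (assumed shape).
type CatalogSource struct {
	Name      string
	Namespace string
	UID       string
	GRPCPort  int32 // port the registry container serves gRPC on
}

// catalogPodLabel is the label key assumed to identify the catalog pod that
// OLM manages for a CatalogSource; the real label key may differ.
const catalogPodLabel = "olm.catalogSource"

// desiredNetworkPolicy builds the policy the PR description calls for:
// select only this CatalogSource's pod, allow ingress on its gRPC port from
// any peer, and deny everything else, including all egress. The controller
// owner reference lets garbage collection remove it with the CatalogSource.
func desiredNetworkPolicy(cs CatalogSource) *NetworkPolicy {
	return &NetworkPolicy{
		Name:      cs.Name + "-grpc", // naming is an assumption
		Namespace: cs.Namespace,
		OwnerRefs: []OwnerReference{{
			APIVersion:         "operators.coreos.com/v1alpha1",
			Kind:               "CatalogSource",
			Name:               cs.Name,
			UID:                cs.UID,
			Controller:         true,
			BlockOwnerDeletion: true,
		}},
		Spec: NetworkPolicySpec{
			PodSelector: map[string]string{catalogPodLabel: cs.Name},
			PolicyTypes: []string{"Ingress", "Egress"},
			Ingress:     []Rule{{Ports: []PolicyPort{{Protocol: "TCP", Port: cs.GRPCPort}}}},
			Egress:      nil, // Egress in PolicyTypes with no rules: deny all egress
		},
	}
}

// selects reports whether the policy's pod selector matches a pod carrying
// the given labels: every selector key must be present with the same value.
func selects(np *NetworkPolicy, podLabels map[string]string) bool {
	for k, v := range np.Spec.PodSelector {
		if podLabels[k] != v {
			return false
		}
	}
	return true
}

// reconcile mirrors the informer-driven loop: a missing policy is created,
// a policy whose spec or owner references drifted is overwritten with the
// desired state, and a matching policy is left alone.
func reconcile(actual *NetworkPolicy, cs CatalogSource) (*NetworkPolicy, string) {
	desired := desiredNetworkPolicy(cs)
	switch {
	case actual == nil:
		return desired, "create"
	case !reflect.DeepEqual(actual.Spec, desired.Spec) ||
		!reflect.DeepEqual(actual.OwnerRefs, desired.OwnerRefs):
		return desired, "update"
	default:
		return actual, "noop"
	}
}

func main() {
	cs := CatalogSource{Name: "community-operators", Namespace: "olm", UID: "0000-1111", GRPCPort: 50051}
	np, action := reconcile(nil, cs)
	fmt.Println(action, np.Name, np.Spec.PolicyTypes)
	np.Spec.Ingress = nil // simulate an edit that would cut off gRPC traffic
	_, action = reconcile(np, cs)
	fmt.Println(action, "after tampering with ingress")
}
```

Two checks worth carrying over to the real implementation: `selects` against the labels of an unrelated pod in the same namespace (it must return false, which is what makes the "no accidental blocking" claim hold), and the description's claim that the gRPC ingress is the only traffic the pod needs. The example therefore denies all egress; if the catalog pod has to reach the API server or DNS at runtime, an egress rule is required, and an e2e test that resolves and installs an operator from each catalog type is the way to confirm the policy does not break it.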

@openshift-ci openshift-ci bot requested review from dinhxuanvu and oceanc80 April 30, 2025 20:22
@joelanford joelanford changed the title include network policy for all configmap and grpc catalogsources Include network policy for all configmap and grpc catalogsources Apr 30, 2025
@joelanford joelanford force-pushed the catalog-source-network-policy branch 2 times, most recently from 7e73286 to b8dbde0 Compare May 1, 2025 01:27
@joelanford joelanford changed the title Include network policy for all configmap and grpc catalogsources ✨ Include network policy for all configmap and grpc catalogsources May 1, 2025
@joelanford joelanford force-pushed the catalog-source-network-policy branch from b8dbde0 to 437b8cb Compare May 1, 2025 12:35
@joelanford joelanford force-pushed the catalog-source-network-policy branch from 437b8cb to b9ecf89 Compare May 1, 2025 14:24

@dinhxuanvu dinhxuanvu left a comment

Looking good. A few comments.


@dinhxuanvu dinhxuanvu left a comment

/approve
