Replace allowed ips when sending instance config to clients when force_all_traffic is enabled

[j-chmielewski]

Related issue: #880

To ensure that older clients also honor the force_all_traffic policy, we can modify the configuration sent to them over gRPC.
Specifically, if the policy is active, then for all locations we would replace the AllowedIPs with 0.0.0.0/0, ::/0.

While legacy clients will continue to display this configuration as "predefined traffic", in practice all network traffic will be routed through the VPN - as dictated by the configuration provided by the core service