Contributor

@Gacko Gacko commented Nov 1, 2025

When deploying the chart to clusters with network access restricted by network policies, you might not be able to access the API server.

This PR adds network policies for the controller and kubelet plugin, so they can access the API server in such environments.

Signed-off-by: Marco Ebert <[email protected]>

copy-pr-bot bot commented Nov 1, 2025

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

Collaborator

@jgehrcke jgehrcke left a comment

Thank you for this patch @Gacko. At the surface, this looks good to me and I trust that it has solved the problem you were seeing.

@klueska do you also want to have a look?

Contributor Author

Gacko commented Nov 3, 2025

@jgehrcke: Yes, it did.

If you're interested I can come up with Helm unit testing in a separate PR. We're using the Helm Unit Tests plugin at Ingress NGINX for some basic testing.

Additionally you could use the Helm Chart Testing tool in conjunction with KIND to deploy and test the chart.

Shall I first create an issue to have a discussion?

Contributor Author

Gacko commented Nov 3, 2025

Ah, and one more thought on this PR: I chose ports 443 and 6443 because they are common, but I am not sure if it would actually be a better idea to have them configurable, since this network policy hard-codes egress to any destination via 443 and 6443.
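
The concern in the last comment, an egress rule that restricts ports but not destinations, can be checked mechanically before a chart is deployed. The following is an added example, not code from this PR or the chart; the manifests, the `example-controller` name and the `192.0.2.10` address are constructed placeholders.

```python
import copy
import ipaddress
from typing import Any

def _matches_everything(peer: dict[str, Any]) -> bool:
    """True for an ipBlock peer whose CIDR has prefix length 0 (0.0.0.0/0, ::/0)."""
    cidr = (peer.get("ipBlock") or {}).get("cidr")
    return bool(cidr) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def open_egress_rules(policy: dict[str, Any]) -> list[dict[str, Any]]:
    """List egress rules of a networking.k8s.io/v1 NetworkPolicy that reach any destination.

    A rule with a missing or empty `to` matches all destinations, so its
    `ports` list is the only restriction; missing `ports` means all ports.
    """
    findings = []
    for index, rule in enumerate((policy.get("spec") or {}).get("egress") or []):
        peers = rule.get("to") or []
        if peers and not any(_matches_everything(p) for p in peers):
            continue  # every peer narrows the destination
        ports = [p.get("port") for p in rule.get("ports") or []]
        findings.append({"rule": index, "ports": ports or "all"})
    return findings

# Constructed manifest (hypothetical names): egress on 443/6443 with no `to`.
HARDCODED = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "example-controller"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "example-controller"}},
        "policyTypes": ["Egress"],
        "egress": [{"ports": [{"protocol": "TCP", "port": 443},
                              {"protocol": "TCP", "port": 6443}]}],
    },
}

# Same policy with the destination pinned to a placeholder API server address.
SCOPED = copy.deepcopy(HARDCODED)
SCOPED["spec"]["egress"][0]["to"] = [{"ipBlock": {"cidr": "192.0.2.10/32"}}]

if __name__ == "__main__":
    for name, policy in (("hardcoded", HARDCODED), ("scoped", SCOPED)):
        print(name, open_egress_rules(policy))
```
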
