Implement network policies to isolate services

[olevski]

We should implement k8s network policies to separate and limit communication (within the cluster) between services.

I propose the following:

• default deny all ingress
• then allow ingress for services that need to communicate
• most communication happens through the gateway and ui-server so the gateway and ui-server need to have permissions to access other services
• check which other services call other services in the k8s cluster

This is feedback from security engineers at the BIT.

[lorenzo-cavazzi]

Afaik all the traffic coming out from the UI server goes through the gateway. The one exception is Redis. Should there be more exceptions, we can remove them and keep it simple.