Restrict ingest and export with configurable NetworkPolicies

[a-thaler]

Description

As part of #2464 proper NetworkPolicies got introduced so that users can have deny-all policies in place.
However, the policies introduced in this story are not restricting the ingress and export communication to customer workload.

Goal: Have a feature to restrict the ingest and export to telemetry components with NetworkPolicies, while the user can define via labels which workloads can particicape in that communication.

Tasks:
See https://github.com/kyma-project/telemetry-manager/blob/main/docs/contributor/arch/028-network-policy-hardening.md#phase-2-introduce-zero-trust-network-policies