Introduce audit mode for Network Policies
Problem to solve
As mentioned in #14010 (closed) it would be good to support audit (log-only) network policies. Audit policy will only log traffic that is supposed to be blocked. Audit policies are not supported by the network policy provider we use (Cilium), so we would need to implement these changes upstream.
Further details
Audit mode is considered by cilium: https://github.com/cilium/cilium/issues/9580 but it is not worked on actively.
Proposal
As discussed in cilium's issues we can introduce annotation or update schema for CiliumNetworkPolicy. These flag will be used in BPF program to send new type of audit message (similarly to send_drop_notify). Monitor command has to be updated to be able to output new type of audit messages.
Documentation
Documentation will need description and example for audit policy.
Testing
Network policy demo should be tested against audit policy.