Expose web IDE services directly in the pod
In the Live preview (server-side evaluation) (https://gitlab.com/gitlab-org/gitlab-ee/issues/4013) application for the Web IDE, we want to be able to browse the application running in a pod's container.
For that matter, we https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10699, gitlab-workhorse!386 (closed), as we did for websockets requests in gitlab-workhorse!370 (merged).
But there is a big security problem with this approach. Because we can't really control the service running in the build, there are several risks attached to this approach (discussion started in gitlab-workhorse!370 (comment 157586226)).
We have tried to use GitLab Pages for this and use the current implementation for regular HTTP requests, but there are several workflows that wouldn't work at all (investigation of this approach in https://gitlab.com/gitlab-org/gitlab-ee/issues/11078#note_175938212).
The solution seems to go through exposing the service directly and accessing it from outside the pod (node?). In this scenario, we can prevent these security problems and also some CORS ones.
But there is a disadvantage in this approach. We need a sidecar container running before the build service that will check the authorization for the user to access it.
/cc @DouweM