Add validation of configured policy rules

Current state (as soon as !235 (merged) and !237 (merged) are merged (see #116 (closed)))

The user can configure the policy rules used by some of the OpenStack services, e.g., in Nova like so:

apiVersion: yaook.cloud/v1
kind: NovaDeployment
metadata:
  name: nova
spec:
  ...
  policy:
    "context_is_admin": "role:admin"
    "invalid rule": "should be forbidden"
    ...
...

Desired state

The provided policy rules should be validated.

Suggested approach

(see this discussion)

  1. Take the known default policy file (generated or just hard-coded, since it does not change for a certain release).
  2. Validate that all rules (i.e., rule names) the user gave in the CR are present in the default policy file.
  3. Validate the (rule) values somehow.
Edited by Karin Fetzer
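
One way the three steps of the suggested approach could look, as an added example that is not code from the issue or the project: `DEFAULT_RULES` is a constructed stand-in for the release's default policy, and the hypothetical `check_string_ok` is a simplified syntax check of the oslo.policy check-string language, not oslo.policy's own parser.

```python
import re

# Constructed stand-in for step 1 (assumption): default rule names of one release.
DEFAULT_RULES = {"context_is_admin", "admin_or_owner", "admin_api"}
TOKEN = re.compile(r"(?:%\([^)]*\)s|[^\s()])+|[()]")
CHECK = re.compile(r"^(@|!|[^\s:]+:.+)$")  # '@', '!' or kind:match

def check_string_ok(text):
    """Step 3, simplified: syntax-check the and/or/not/() rule language."""
    tokens = TOKEN.findall(text) + [None]  # None marks end of input
    pos = 0

    def unary():
        nonlocal pos
        tok = tokens[pos]
        if tok is None:
            return False
        pos += 1
        if tok.lower() == "not":
            return unary()
        if tok == "(":
            if not expr() or tokens[pos] != ")":
                return False
            pos += 1
            return True
        return bool(CHECK.match(tok))

    def expr():
        nonlocal pos
        if not unary():
            return False
        while (tokens[pos] or "").lower() in ("and", "or"):
            pos += 1
            if not unary():
                return False
        return True

    # An empty check string is valid in oslo.policy (always allowed).
    return len(tokens) == 1 or (expr() and tokens[pos] is None)

def validate_policy(policy):
    """Steps 2 and 3: return (rule_name, problem) pairs for spec.policy."""
    errors = []
    for name, value in policy.items():
        if name not in DEFAULT_RULES:
            errors.append((name, "unknown rule name"))
        elif not isinstance(value, str) or not check_string_ok(value):
            errors.append((name, "malformed check string"))
    return errors
```

Run against the `policy` block shown above, `validate_policy` accepts `context_is_admin` and reports `invalid rule` as an unknown rule name; rejecting unknown names this way also catches misspelled rule names in the CR.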