Verified Commit 03cb6f84 authored by Sheogorath

fix(metallb): Switch to "Allow from all namespaces"

Currently there is an issue where the kube-apiserver can't reach the
metallb admission webhook, which results in the inability to sync any
metallb objects.

The reason why this doesn't work is not completely understood yet. It
uses an IP address from the Pod CIDR (10.1.0.0/16) which is blocked by
the network policies. No single pod has this IP address according to
`kubectl get pods --all-namespaces -o wide`, which displays the Pods
along with their IP addresses.

This makes sense, given that the kube-apiserver is a host/node Pod,
which is directly defined in the kubelet configuration of the
control-plane node, which also runs in the host network. As a result the
pod has no regular Pod IP from the Pod IP address space.

For debugging, I used a Calico log rule, which is based on the Calico
network policies.

Reference:
https://projectcalico.docs.tigera.io/archive/v3.23/security/calico-network-policy#generate-logs-for-specific-traffic
parent 9507d245
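
A Calico log rule of the kind the commit message says was used for debugging, as an added example that is not part of this commit or its repository. The policy name, namespace, selector and order value are assumptions; only the Pod CIDR comes from the commit message.

```yaml
# Added example, not the repository's own policy.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: log-webhook-ingress      # assumption: hypothetical policy name
  namespace: metallb-system      # assumption: namespace MetalLB runs in
spec:
  # Assumption: the existing policies that drop the traffic use a higher
  # order value, so this policy is evaluated before them.
  order: 10
  # Apply to every workload endpoint in the namespace. Narrow this to the
  # webhook pod's labels once they are known.
  selector: all()
  types:
    - Ingress
  ingress:
    # Log records the matching packet in the node's kernel log (default
    # prefix "calico-packet") and evaluation then continues with the next
    # rule or policy, so the rule itself neither allows nor denies.
    - action: Log
      protocol: TCP
      source:
        nets:
          - 10.1.0.0/16          # Pod CIDR named in the commit message
```

Resources in the `projectcalico.org/v3` API group are applied with `calicoctl apply -f`, or with `kubectl` when the Calico API server is installed. The logged source address can then be compared with the `kubectl get pods --all-namespaces -o wide` output.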