fix(monitoring): Add missing/broken NetworkPolicy

This patch fixes the current issue with the network policy regarding
host network containers, calico and Kubernetes NetworkPolicies.

The problem originates from the selected bind port to reach containers
on the calico overlay network, which is using the wireguard endpoint,
instead of the host external IP. Since these also always change, and are
part of the Pod-CIDR, it's not really possible to selected them using an
ipBlock without opening things up for all pods.

The reason why the Kubernetes NetworkPolicies don't work, is due to them
not being applied to host network pods, therefore the control-plane
can't be really selected here. therefore calico network policies with
automatic host endpoints are a requirement.