feat: introduce policy event logs scope

[m00lecule]

Issues:
#482
#463
#464 (comment)
#427

Description of changes:
This feature allows to narrow the ebpf programs events scope (both ACCEPT and DENY or only DENY). To filter out the ACCEPT logs and metrics please specify --enable-policy-event-logs=true and --policy-event-logs-scope=deny.

The policy event logs volume can be overwhelming. The high CPU usage comes usually from userspace process processing the ebpf events published to RINGBUF, which are mostly the ACCEPT events.

Secondly the policy events logs are critical due to observability reasons. There is no command to confirm the NP is dropping traffic. The only way is to enable enable-policy-event-logs=true, which is quite resources heavy and might decrease environment performance.

Finally, by reducing the ACCEPT events we can get a guarantee that all DENY events are written to log files. The policy_events RINGBUF has a fixed size (https://github.com/aws/aws-network-policy-agent/blob/main/pkg/ebpf/c/v4events.bpf.c#L53), when exceeding the buffer capacity some old events are dropped and eventually missing in the log files.

Alternatively the feature could be implemented as:

• userspace logger logLevel, however it would still cause high CPU usage due to high volume processing caused by ACCEPT events,
• two RING_BUFFERS storing respectively DENY and ACCEPT events separately (probably cleaner approach, less ebpf maps lookups)
• configure the policy event logs scope per traffic type (egress, ingress) or even per replica set (configuration based on vpc-cni NP config and deployment annotations)

The goal is to discuss the overall architecture. Please consider this PR as prototype, not yet a final implementation.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[m00lecule]

@viveksb007 kindly asking for an initial review