feat: add support for custom CIDR ingress/egress rules (#60)

- Added `additional_allowed_cidr_ingress` and `additional_allowed_cidr_egress` fields to `TenantNetworkPolicy` to allow specifying custom CIDR blocks for network access.
- Updated K8sTenantManager to parse and apply these CIDR rules to NetworkPolicy ingress and egress rules.
- Added `cidr` dependency to `harmony_macros` and a custom proc macro `cidrv4` to easily parse CIDR strings.
- Updated TenantConfig to default inter tenant and internet egress to deny all and added default empty vectors for CIDR ingress and egress.
- Updated ResourceLimits to implement default.

Reviewed-on: NationTech/harmony#60
Co-authored-by: Jean-Gabriel Gill-Couture <jg@nationtech.io>
Co-committed-by: Jean-Gabriel Gill-Couture <jg@nationtech.io>
2025-06-12 15:24:03 +00:00
committed by johnride
parent ef5ec4a131
commit b94dd1e595
9 changed files with 281 additions and 28 deletions


@@ -14,6 +14,7 @@ quote = "1.0.37"
serde = "1.0.217"
serde_yaml = "0.9.34"
syn = "2.0.90"
cidr.workspace = true
[dev-dependencies]
serde = { version = "1.0.217", features = ["derive"] }


@@ -132,3 +132,16 @@ pub fn ingress_path(input: TokenStream) -> TokenStream {
false => panic!("Invalid ingress path"),
}
}
#[proc_macro]
pub fn cidrv4(input: TokenStream) -> TokenStream {
let input = parse_macro_input!(input as LitStr);
let cidr_str = input.value();
if let Ok(_) = cidr_str.parse::<cidr::Ipv4Cidr>() {
let expanded = quote! { #cidr_str.parse::<cidr::Ipv4Cidr>().unwrap() };
return TokenStream::from(expanded);
}
panic!("Invalid IPv4 CIDR : {}", cidr_str);
}
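Review bot: The tokens emitted by `cidrv4` name `cidr::Ipv4Cidr` with a relative path, which is resolved in the crate that invokes the macro and not in `harmony_macros`. Every caller therefore needs `cidr` as a direct dependency, and a local module or item named `cidr` at the call site would be picked up instead; anchoring the path avoids the shadowing: `quote! { #cidr_str.parse::<::cidr::Ipv4Cidr>().unwrap() }`. The rejection path uses `panic!`, so an invalid literal is reported as a proc-macro panic with no pointer to the offending string; `return syn::Error::new(input.span(), format!("Invalid IPv4 CIDR : {}", cidr_str)).to_compile_error().into();` attaches the error to the literal. Going by the commit description these values end up in NetworkPolicy ingress/egress rules, so a doc comment on `cidrv4` should state that it only checks syntax at build time and that the expansion re-parses the same string at runtime.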