add vpn insecure namespace

Change-Id: I8a774ae625342af3521ad0ab11a8f6d4e4ef6c97

cluster/kube/cluster.jsonnet

@@ -145,6 +145,8 @@ local Cluster(short, realm) = {
         policies.AllowNamespaceInsecure("matrix"),
         policies.AllowNamespaceInsecure("registry"),
         policies.AllowNamespaceInsecure("internet"),
+        # TODO(implr): restricted policy with CAP_NET_ADMIN and tuntap, but no full root
+        policies.AllowNamespaceInsecure("implr-vpn"),
     ],
 
     // Allow all service accounts (thus all controllers) to create secure pods.