Bug
Resolution: Unresolved
Undefined
4.20, 4.21
Quality / Stability / Reliability
False
Important
Rejected
Description of problem:
This is a follow-up for OCPSTRAT-1978 (https://issues.redhat.com/browse/OCPSTRAT-1978): the storage component needs an explicit network policy for the hosted cluster in the management control plane namespace. See the Slack discussion at https://redhat-internal.slack.com/archives/GK0DA0JR5/p1757684809758969
Original discussion:
I have one doubt about the NetworkPolicy feature on HyperShift: the hosted cluster storage operators/controllers are installed under a specific namespace in the managed cluster, but there is no NetworkPolicy in that namespace in the managed cluster.
This is the output from the managed cluster:
$ oc -n clusters-hypershift-ci-355960 get deployment | grep -E "ebs|storage|snapshot"
aws-ebs-csi-driver-controller 1/1 1 1 10h
aws-ebs-csi-driver-operator 1/1 1 1 10h
cluster-storage-operator 1/1 1 1 10h
csi-snapshot-controller 1/1 1 1 10h
csi-snapshot-controller-operator 1/1 1 1 10h
$ oc -n clusters-hypershift-ci-355960 get networkpolicies
NAME POD-SELECTOR AGE
kas app=kube-apiserver 10h
management-kas !hypershift.openshift.io/need-management-kas-access,name notin (aws-ebs-csi-driver-operator) 10h
openshift-ingress <none> 10h
openshift-monitoring <none> 10h
private-router app=private-router 10h
same-namespace <none> 10h