  1. OpenShift Service Mesh
  2. OSSM-409

[RFE] Include a flag in the SMCP resource to enable/disable the creation of istio-expose-route-basic NetworkPolicy in members


    • Story
    • Resolution: Duplicate
    • Major
    • Maistra

      As soon as a project is added to a member roll, the operator creates the istio-expose-route-basic network policy to allow non-mesh services to receive external traffic using routes, provided they have the label maistra.io/expose-route: "true".

       

      That behavior should be configurable from the SMMR resource to avoid/enable the creation of such a network policy on demand, as it can be seen as a security concern because users can bypass the restrictions added by the Service Mesh by adding the label in their deployments and creating routes.

       

      Acceptance Criteria:

      • enable/disable switch added to SMCP
      • istio-operator test that verifies that the SMCP switch works
      • should be added to 1.1, 2.0, 2.1 streams
      • documentation PR that explains how to use the feature

              sgarciam@redhat.com Sergio Garcia Martinez
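An audit sketch for the concern described in the issue, added here as an example and not taken from the issue or from the Maistra code base: it lists pods in mesh member namespaces that carry `maistra.io/expose-route: "true"` and records whether they run the `istio-proxy` sidecar. The function name, the severity values and the sample pod list (shaped like `oc get pods -A -o json` output) are assumptions constructed for illustration.

```python
import json

EXPOSE_LABEL = "maistra.io/expose-route"  # label named in the issue
SIDECAR_NAME = "istio-proxy"              # container name of the injected Istio sidecar

# Constructed sample, shaped like `oc get pods -A -o json` (not real cluster data).
SAMPLE_PODS = json.loads("""
{"items": [
 {"metadata": {"namespace": "bookinfo", "name": "productpage", "labels": {"app": "productpage"}},
  "spec": {"containers": [{"name": "productpage"}, {"name": "istio-proxy"}]}},
 {"metadata": {"namespace": "bookinfo", "name": "legacy-api",
               "labels": {"maistra.io/expose-route": "true"}},
  "spec": {"containers": [{"name": "legacy-api"}]}},
 {"metadata": {"namespace": "bookinfo", "name": "metrics",
               "labels": {"maistra.io/expose-route": "false"}},
  "spec": {"containers": [{"name": "metrics"}]}},
 {"metadata": {"namespace": "bookinfo", "name": "gateway-app",
               "labels": {"maistra.io/expose-route": "true"}},
  "spec": {"containers": [{"name": "gateway-app"}, {"name": "istio-proxy"}]}},
 {"metadata": {"namespace": "not-in-mesh", "name": "web",
               "labels": {"maistra.io/expose-route": "true"}},
  "spec": {"containers": [{"name": "web"}]}}
]}
""")

def audit_expose_route(pod_list, member_namespaces):
    """Flag pods that opt in to the expose-route policy in member namespaces.

    member_namespaces: the projects listed in the member roll; only those
    receive the istio-expose-route-basic policy, so other namespaces are skipped.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        ns = meta.get("namespace")
        labels = meta.get("labels") or {}
        # The label value must be exactly the string "true" to count as opted in.
        if ns not in member_namespaces or labels.get(EXPOSE_LABEL) != "true":
            continue
        containers = pod.get("spec", {}).get("containers", [])
        has_sidecar = any(c.get("name") == SIDECAR_NAME for c in containers)
        # No sidecar: route traffic reaches the workload with no mesh proxy in the path.
        findings.append({"namespace": ns, "pod": meta.get("name"),
                         "sidecar": has_sidecar,
                         "severity": "review" if has_sidecar else "high"})
    return sorted(findings, key=lambda f: (f["namespace"], f["pod"]))

if __name__ == "__main__":
    for finding in audit_expose_route(SAMPLE_PODS, {"bookinfo"}):
        print(finding)
```
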