Network-config-analyzer

Latest version: v2.1.0


1.9.3

Changes in this Release:

* Many improvements to the generated graphviz-based graph:
  * Endpoints sharing the same connectivity and the same namespace are grouped together to reduce the total number of edges.
  * If the graph contains a large-enough set of endpoints, in which each pair of endpoints is connected in exactly the same way, a Clique node will be created, and all endpoints in the set will connect to this (meta-)node. This also reduces the total number of edges.
  * If the graph contains two large-enough sets of endpoints A and B, where the allowed connectivity from any endpoint in A to any endpoint in B is the same, a Bi-Clique node will be created, and every endpoint in A will connect to this (meta-)node, and the Bi-Clique will connect to every node in B.
  * Labels on edges are shortened, and a legend explains what each shortening means.
* Explainability: A new flag, `--explain`, appends to connectivity reports the exact set of resources that take part in setting the allowed connectivity between endpoints. Such an explanation can be provided for the connectivity between a given set of endpoints, e.g., `--explain default/Pod1[Pod],ns2/deployment-D[Deployment]`, or between every pair of endpoints by specifying `--explain ALL`.
* Istio traffic management: Supporting ServiceEntries as hosts in the spec of Sidecar egress.
* Improved performance via a new data structure. This is currently under a feature flag: `-opt=true`.
* Graphviz added to docker images
* Various bug fixes

1.9.2

Changes in this Release:
* Reporting much simpler regular expressions in connectivity reports and in connectivity-diff reports
* Adding the `jpeg` format to the list of allowed formats for connectivity reports (when using the `--output_format` command-line flag or the `outputConfiguration.outputFormat` scheme object). This will automatically convert a `dot` graph to a jpeg image file. Requires GraphViz to be preinstalled and `PATH` to include its `bin` directory.
* Fixed: Exit code should be 7 if an handled exception made it to `nca_main`
* Added OpenSSF Scorecard badge to repo
* Removed dependency on `ruamel.yaml`
* Minor bug fixes

1.9.1

Changes in this Release:
* Fixing PyPI package to also include required YAML files

1.9.0

Changes in this Release:
* Most queries can now output their results in JSON/YAML formats. In a scheme file set `outputConfiguration.outputFormat` to either `json` or `yaml`. From the command-line, use the `-o` flag with either `json` or `yaml` value.
* Query results will no longer refer to IPv6 address space, unless there are network-connectivity resources (e.g., NetworkPolicy) that explicitly refer to such addresses. To force including IPv6 addresses in query results, use the `--print_ipv6` command line flag. Alternatively, set `outputConfiguration.excludeIPv6Range` to `false` in your scheme file.
* Improved connectivity-map output whenever Istio resources are present. Two connectivity maps will be produced now: one for TCP connections and another one for all other protocols.
* Improved usability for shift-left analysis: when policies refer to certain resources missing from the input config, check if they can be added to enable the analysis. Taking into account resources that are usually visible in a live cluster mode: Ingress-controller pod, Istio ingress gateway pod, and kube-dns pod. Documentation is available [here](https://github.com/IBM/network-config-analyzer#simulating-live-cluster-missing-resources).
* Queries will not execute if there are no endpoints in a given network configuration. An error message is printed in such a case.
* Removed support for running as a REST-API server (the `--daemon` flag). Instead, use [nca-rest-server](https://github.com/np-guard/nca-rest-server).
* Not printing back-trace on errors such as syntax errors.
* Avoiding crash on a malformed YAML
* Avoiding crash in the presence of helm charts if `helm` executable cannot be found.
* Handle YAML files with UTF-8 characters
* Ingress resource parsing: issue warning instead of error when service referenced by backend is missing
* Query all-captured output: consider Istio layer as well
