ci: Add test case for iptables, exercised via istio init container

Introduce new test case in k8s-iptables.bats which verifies that
workloads can configure iptables in the UVM.

Users discovered that they weren't able to do this for common usecases
such as istio. Proper support for this should be built into UVM
kernels. This test ensures that current and future kernel
configurations don't regress this functionality.

Signed-off-by: Cameron Baird <cameronbaird@microsoft.com>

tests/integration/kubernetes/runtimeclass_workloads/pod-istio.yaml

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2025 Microsoft Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-istio
+spec:
+  restartPolicy: Never
+  containers:
+    - name: test-container
+      image: quay.io/kata-containers/istio/proxyv2:1.26.3
+      args:
+        - istio-iptables
+        - -p
+        - "15001"
+        - -z
+        - "15006"
+        - -u
+        - "1337"
+        - -m
+        - REDIRECT
+        - -i
+        - "*"
+        - -x
+        - ""
+        - -b
+        - "*"
+        - -d
+        - "15090,15021,15020"
+        - --log_output_level=default:info
+      securityContext:
+        capabilities:
+          add: ["NET_ADMIN", "NET_RAW"]
+          drop: ["ALL"]
+  runtimeClassName: kata
+