Allow access to the private network for cloud and firewall controller

On a on-premise setup of garden cluster, the endpoints lie in a private network.

charts/internal/control-plane/templates/cloud-controller-manager.yaml

@@ -47,6 +47,7 @@ spec:
         networking.gardener.cloud/from-prometheus: allowed
         networking.gardener.cloud/to-dns: allowed
         networking.gardener.cloud/to-shoot-apiserver: allowed
+        networking.gardener.cloud/to-private-networks: "allowed"
         networking.gardener.cloud/to-public-networks: allowed
         networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: "allowed"
     spec:

charts/internal/control-plane/templates/firewall-controller-manager.yaml

@@ -102,6 +102,7 @@ spec:
         networking.gardener.cloud/from-prometheus: "allowed"
         networking.gardener.cloud/to-dns: "allowed"
         networking.gardener.cloud/to-public-networks: "allowed"
+        networking.gardener.cloud/to-private-networks: "allowed"
         networking.gardener.cloud/to-shoot-apiserver: "allowed"
         networking.gardener.cloud/to-runtime-apiserver: "allowed"
         networking.resources.gardener.cloud/to-kube-apiserver-tcp-443: "allowed"