Add https-listener-rules to test filtering unauthenticated endpoints

[rfairburn]

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/ or orbit/changes/.
  See Changes files for more information.
• Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)
• Documented any permissions changes (docs/Using Fleet/manage-access.md)
• Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
• Added support on fleet's osquery simulator cmd/osquery-perf for new osquery data ingestion features.
• Added/updated tests
• Manual QA for all new/changed functionality
  • For Orbit and Fleet Desktop changes:
    • Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
    • Auto-update manual QA, from released version of component to new version (see tools/tuf/test).

[georgekarrv]

any reason not to have all 6 exceptions in one rule? otherwise this looks good

[rfairburn]

any reason not to have all 6 exceptions in one rule? otherwise this looks good

AWS returned an error once I had too many * in a single rule. This is to avoid hitting the wildcard limit.

[lukeheath]

Merge Gatekepper is saying this job failed:

• Deploy Fleet Dogfood Environment

But I don't see it in the list of jobs.

[lukeheath]

@rfairburn Feel free to squash and merge with gatekepeer failing. Looks like it's looking for a dogfood publish job that isn't running.

[rfairburn]

I don't intend to ever merge this.

[rfairburn]

Originally this was for visibility while everyone was working so that I could share the diff I was applying, but this shouldn't permanently be part of dogfood. I will close it once we have what we want working for the customer.

[rfairburn]

closing this since we don't want it permanently in main.