Prevent Hyperion from being invoked from outside the beamline

[rtuck99]

Once Hyperion is deployed to production beamline we will need some way of ensuring that plans can't be executed by calls from outside the beamline network.

As a minimum we should ensure that only HEAD/GET requests are permitted, it seems like this ought to be something that we can do in the kubernetes Ingress configuration.

If this isn't possible, we could just block all access from outside the beamline.

Acceptance Criteria

• Clients from outside the beamline network cannot execute Hyperion plans or make other writes

[rtuck99]

Currently waiting for
https://jira.diamond.ac.uk/servicedesk/customer/portal/2/SCHD-7502

[rtuck99]

Blocked whilst Giles is away, need to deploy EPICS gateway in beamline cluster

[rtuck99]

See also GitLab merge request:

https://gitlab.diamond.ac.uk/controls/containers/beamline/i03-services/-/merge_requests/11