fix: prevent access to internal apl service

[j-zimnowoda]

📌 Summary

Prevents access to the tools container on port 17771.
Runs internal service on localhost only, thus removal of the readiness probe for that container.

🔍 Reviewer Notes

Deploy netshoot to test connectivity

# NS=otomi
# kubectl -n $NS run tmp-shell --rm -i --tty --image nicolaka/netshoot -- /bin/bash

Before connection to api on 17771 was not denied

tmp-shell:~# curl 10.2.2.56:8080/v1/teams
{"error":"'Authorization' header required"}
tmp-shell:~# curl 10.2.2.56:17771
{"status":"ok"}tmp-shell:~# curl 10.2.2.56:17771

After connection to api on 17771 is denied

tmp-shell:~# curl 10.2.1.41:8080/v1/teams
{"error":"'Authorization' header required"}tmp-shell:~#
tmp-shell:~# curl 10.2.1.41:17771
curl: (56) Recv failure: Connection reset by peer

🧹 Checklist

• Code is readable, maintainable, and robust.
• Unit tests added/updated

[CasLubbers]

With the side note that migrating to this will take some time to remove the healthcheck