Add dev friendly unsecured LZ V2 package set (no org policies that block redeployment of the GKE/KCC cluster)

[fmichaelobrien]

A developer needs a repeatable way to create/delete packages but also to create/delete the GKE KCC cluster
Start with not deploying the gatekeeper-policies
https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/main/docs/landing-zone-v2/README.md#gatekeeper-policies

See for example
-Re-creating the CC GKE cluster after deploying the landing-zone solution requires removal of the requireShieldedVM org policy

• [BUG] Re-creating the CC GKE cluster after deploying the landing-zone solution requires removal of the requireShieldedVM org policy - kubernetes intent engine will replace it back post-create #132
• revisit the rest of the org policies
• remove PSC, dns zones
• remove VPC flow logs

Documentation draft at

https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/wiki/DevOps

see also
#534
#549
#548
#541
#545
#546
#535

[obriensystems]

20231019 setup.sh script for kcc cluster delete/recreate and lz kpt apply/destroy in #446 (comment) under https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/gh446-hub/solutions/setup.sh

see package and kcc cluster deletion in #344

disable project liens as part of developer friendly workflow
For example - before the kpt live destroy - lifecyle can reconcile - we need to pre-disable the project or delete the lien

michael@cloudshell:~/dev/pdt-oldev/obriensystems (audit-prj-id-oldv1)$ gcloud config set project net-host-prj-prod-oldv1
Updated property [core/project].
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$ gcloud alpha resource-manager liens list
NAME: p553611293232-lb8bec0d8-ed46-45c2-81fb-3dda344e6008
ORIGIN: xpn.googleapis.com
REASON: This lien is added to prevent the deletion of this shared VPC host project. The host project should be disabled before it is deleted.
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$ gcloud alpha resource-manager liens delete  p553611293232-lb8bec0d8-ed46-45c2-81fb-3dda344e6008
Deleted [liens/p553611293232-lb8bec0d8-ed46-45c2-81fb-3dda344e6008].
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$

michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$ kpt live destroy landing-zone
folder.resourcemanager.cnrm.cloud.google.com/infrastructure.networking.prodnetworking reconcile successful

[obriensystems]

add #588
add #132

[obriensystems]

Actually for 1 of the 2 - the historical Shielded - we are good with the following override

michael@cloudshell:~/kcc-oi/kpt (kcc-oi-9428)$ kubectl get gcp -n policies
NAME                                                                                                         AGE     READY   STATUS     STATUS AGE
resourcemanagerpolicy.resourcemanager.cnrm.cloud.google.com/compute-require-shielded-vm-except-mgt-project   9m36s   True    UpToDate   9m8s