Add healthz path to AlwaysAllowPaths

[tnqn]

The "/healthz" API is supposed to be accessed anonymously. However,
there were unintentional subjectaccessreviews queries sent to the
Kubernetes API when kubelets were executing liveness probe for antrea
components. This patch adds "/healthz" path to AlwaysAllowPaths to avoid
unnecessary overheads to the Kubernetes API.

[tnqn]

/test-all

[antrea-bot]

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

• /test-e2e: to trigger e2e tests.
• /skip-e2e: to skip e2e tests.
• /test-conformance: to trigger conformance tests.
• /skip-conformance: to skip conformance tests.
• /test-networkpolicy: to trigger networkpolicy tests.
• /skip-networkpolicy: to skip networkpolicy tests.
• /test-windows-conformance: to trigger windows conformance tests.
• /skip-windows-conformance: to skip windows conformance tests.
• /test-all: to trigger all tests.
• /skip-all: to skip all tests.

These commands can only be run by members of the vmware-tanzu organization.

[antoninbas]

LGTM

Is it just an optimization or was it creating issues with probes for some clusters?

[tnqn]

@antoninbas it didn't create issues, I observed failed subjectaccessreview requests every 10 seconds when debugging #802 (comment) with Jay (cannot access K8s svc after toggling security group is another issue I haven't root caused yet and may need a EC2 cluster to reproduce) and realized it would lead to 100 requests per second to K8s API in a scale cluster with 1000 nodes.

[antoninbas]

@tnqn thanks for the clarification