
Limit DNS matchname/matchpattern rule lengths #21491

@joestringer

Description


DNS names can only be up to 255 characters in length:

https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4

Furthermore, DNS matchpattern rules that are excessively long could cause the Cilium agent to take a long time to process the rules. It would make sense to impose a (configurable?) limit on these, perhaps something like 63 to begin with.

Tasks:

  • Check whether matchName statements are limited to the maximum length of a DNS name
  • Create a new hidden configuration flag for max dns matchpattern string length
  • Extend the CiliumNetworkPolicy sanitization logic to limit the length of DNS matchname/matchpattern rules
  • Extend the preflight check to validate whether any existing CNPs or CCNPs have matchpattern / matchnames that exceed the default limits. If yes, highlight the statements. Instruct the user to configure the above Cilium flag to raise the limits to match the policies they use in their environment.
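The checks the task list above asks for, written out as an added Go example that is not Cilium's own code. The FQDNSelector type, the Limits struct and the default of 63 are assumptions standing in for Cilium's policy types and the configurable matchpattern-length flag the issue proposes; the RFC 1035 limits (255 octets per name, 63 per label) are the real ones. Sanitize is the admission-time check and Preflight is the pre-upgrade check that also reports the smallest limit that would admit every existing rule.

```go
package main

import (
	"fmt"
	"strings"
)

// FQDNSelector stands in for a Cilium toFQDNs rule (matchName/matchPattern).
// It is defined for this example and is not Cilium's api.FQDNSelector.
type FQDNSelector struct {
	MatchName    string
	MatchPattern string
}

// RFC 1035 section 2.3.4: a name is at most 255 octets, a label at most 63.
const (
	maxDNSNameLen  = 255
	maxDNSLabelLen = 63
)

// Limits is what a sanitizer or preflight check would read from the
// (hypothetical) max-matchpattern-length agent flag; 63 is the starting
// default the issue suggests.
type Limits struct{ MaxMatchPatternLen int }

func DefaultLimits() Limits { return Limits{MaxMatchPatternLen: 63} }

// ValidateMatchName checks a matchName against the RFC 1035 length limits.
func ValidateMatchName(name string) error {
	n := strings.TrimSuffix(name, ".") // a trailing root dot does not count
	if len(n) > maxDNSNameLen {
		return fmt.Errorf("matchName %q is %d octets, limit is %d", name, len(n), maxDNSNameLen)
	}
	for _, label := range strings.Split(n, ".") {
		if label == "" {
			return fmt.Errorf("matchName %q contains an empty label", name)
		}
		if len(label) > maxDNSLabelLen {
			return fmt.Errorf("matchName %q: label %q is %d octets, limit is %d", name, label, len(label), maxDNSLabelLen)
		}
	}
	return nil
}

// ValidateMatchPattern enforces the configurable pattern-length ceiling.
func ValidateMatchPattern(pattern string, limits Limits) error {
	if len(pattern) > limits.MaxMatchPatternLen {
		return fmt.Errorf("matchPattern %q is %d chars, limit is %d", pattern, len(pattern), limits.MaxMatchPatternLen)
	}
	return nil
}

// Sanitize is the policy-admission check: one error per offending rule.
func Sanitize(rules []FQDNSelector, limits Limits) []error {
	var errs []error
	for i, r := range rules {
		if r.MatchName != "" {
			if err := ValidateMatchName(r.MatchName); err != nil {
				errs = append(errs, fmt.Errorf("rule %d: %w", i, err))
			}
		}
		if r.MatchPattern != "" {
			if err := ValidateMatchPattern(r.MatchPattern, limits); err != nil {
				errs = append(errs, fmt.Errorf("rule %d: %w", i, err))
			}
		}
	}
	return errs
}

// Preflight runs the same checks under the default limits over existing rules and
// returns the smallest matchPattern limit that would admit all of them.
func Preflight(rules []FQDNSelector) (offending []error, neededPatternLen int) {
	neededPatternLen = DefaultLimits().MaxMatchPatternLen
	for _, r := range rules {
		if len(r.MatchPattern) > neededPatternLen {
			neededPatternLen = len(r.MatchPattern)
		}
	}
	return Sanitize(rules, DefaultLimits()), neededPatternLen
}

func main() {
	// Constructed sample rules for the demonstration, not from a real policy.
	rules := []FQDNSelector{
		{MatchName: "api.example.com"},
		{MatchName: strings.Repeat("a", 64) + ".example.com"}, // label too long
		{MatchPattern: "*.example.com"},
		{MatchPattern: "*." + strings.Repeat("sub.", 20) + "example.com"}, // 93 chars
	}
	offending, needed := Preflight(rules)
	for _, err := range offending {
		fmt.Println("would be rejected:", err)
	}
	if needed > DefaultLimits().MaxMatchPatternLen {
		fmt.Printf("raise the matchPattern length flag to at least %d\n", needed)
	}
}
```

Raising the flag only affects the pattern check: the over-long label in the second rule is rejected by the RFC 1035 limit regardless of configuration, which is the distinction the task list draws between matchName (fixed by the protocol) and matchPattern (operator-tunable).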

Metadata


Assignees

No one assigned

    Labels

      • area/agent: Cilium agent related.
      • help-wanted: Please volunteer for this by adding yourself as an assignee!
      • kind/enhancement: This would improve or streamline existing functionality.
      • pinned: These issues are not marked stale by our issue bot.
      • stale: The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.


    Milestone

    No milestone


    Development

    No branches or pull requests
