Implement an egress-policy: warn-only mode #58

Open
varunsh-coder opened this issue Jan 20, 2022 · 1 comment

@varunsh-coder
Member

microsoft/msquic#2310 (comment)

It should not block traffic, but should warn if there are new endpoints.

@wenqiglantz-agi

I would like to request this "warn-only" mode as well, in addition to the existing feature of traffic blocking. The use case I ran into is that our GitHub Actions workflows contain outbound endpoints referring to an AWS region, such as "lambda.us-east-1.amazonaws.com:443". But we don't use the same region for our different AWS accounts, so additional outbound endpoints need to be added to the list so traffic doesn't get blocked when running for accounts pointing to a different region than the one defined in the endpoint URLs.

I think it's a good idea to let the users/companies decide which approach they are comfortable with. For companies who only deal with a set number of limited regions, adding the respective outbound endpoints for each region is not unreasonable. The problem is that it can be easily missed. Users may not be watching the region value in the endpoints closely enough, and end up with traffic getting blocked unintentionally. Warn mode is definitely nice to have, especially for companies who deal with many different regions for different accounts.
