firewall-controller
Make CWNP Validation more strict
We should enforce that, for every rule specified, either to or toFQDNs and port is specified, to prevent accidentally opening too wide.
Another idea that comes to mind is implementing a validation webhook. This could run as a dedicated pod in the seed's shoot namespace and watch the shoot api-server. This way, we could decline erroneous resources directly before storing them into ETCD.
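The check proposed in this issue, sketched as an added example that is not part of the original thread or of the firewall-controller code base. `EgressRule`, `Port` and `ValidateEgress` are hypothetical simplified stand-ins for the CWNP types, and "either to or toFQDNs" is read here as "at least one of the two".

```go
package main

import "fmt"

// Port and EgressRule are simplified, hypothetical stand-ins for the CWNP
// egress rule fields named in the issue (to, toFQDNs, ports).
type Port struct {
	Protocol string
	Port     int
}

type EgressRule struct {
	To      []string // destination CIDRs
	ToFQDNs []string // destination FQDN patterns
	Ports   []Port
}

// ValidateEgress reports every rule that lacks a destination (neither to nor
// toFQDNs) or lacks ports. Assumption: at least one of to/toFQDNs is required.
// All violations are collected so a single rejection lists everything to fix.
func ValidateEgress(rules []EgressRule) []error {
	var errs []error
	for i, r := range rules {
		if len(r.To) == 0 && len(r.ToFQDNs) == 0 {
			errs = append(errs, fmt.Errorf("egress[%d]: neither to nor toFQDNs is set", i))
		}
		if len(r.Ports) == 0 {
			errs = append(errs, fmt.Errorf("egress[%d]: no ports are set", i))
		}
	}
	return errs
}

func main() {
	// Constructed sample rules: one complete, one without a destination,
	// one without ports.
	rules := []EgressRule{
		{To: []string{"10.0.0.0/8"}, Ports: []Port{{Protocol: "TCP", Port: 443}}},
		{Ports: []Port{{Protocol: "UDP", Port: 53}}},
		{ToFQDNs: []string{"example.org"}},
	}
	for _, err := range ValidateEgress(rules) {
		fmt.Println("rejected:", err)
	}
}
```

The same function could back either a stricter in-controller validation or the admission webhook suggested above, which would return the collected errors in its denial response.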