rancher: Rancher deployed Apps incorrectly add io.cattle.field/appId to NetworkPolicy selector specification

What kind of request is this (question/bug/enhancement/feature request): BUG

Steps to reproduce (least amount of steps as possible):

• Rancher v2.4.6
• deploy an app containing a NetworkPolicy definition from a custom v3 catalog

Result:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    meta.helm.sh/release-name: test
    meta.helm.sh/release-namespace: test
  labels:
    app.kubernetes.io/managed-by: Helm
    io.cattle.field/appId: test
  name: test
  namespace: test
spec:
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: ingress-controller
      podSelector:
        matchLabels:
          app: nginx-ingress
          io.cattle.field/appId: test
          release: nginx-ingress
    - podSelector:
        matchLabels:
          io.cattle.field/appId: test
          release: test
  podSelector:
    matchLabels:
      io.cattle.field/appId: test
      release: test
  policyTypes:
  - Ingress

Other details that may be helpful: Probably related to rancher/rancher#28381 When Rancher adds io.cattle.field/appId to podSelector for nginx-ingress, it mixes labels related to the deployed app and the targeted pod.

Environment information

• Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): v2.4.6
• Installation option (single install/HA): single

Cluster information

• Cluster type (Hosted/Infrastructure Provider/Custom/Imported): imported
• Machine type (cloud/VM/metal) and specifications (CPU/memory): N/A
• Kubernetes version (use kubectl version): N/A

gz#14513