[BUG] conformance hostNetwork ports #341

@npinaeva

What happened:
We are using hostNetwork pods in our conformance manifests in the range 34345-36366.

containers:
- name: centaur-client
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
- name: centaur-36363-tcp
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
  command: ["/bin/bash", "-c", "/agnhost serve-hostname --tcp --http=false --port 36363"]
  ports:
  - containerPort: 36363
    protocol: TCP
    name: web-36363
- name: centaur-36364-tcp
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
  command: ["/bin/bash", "-c", "/agnhost serve-hostname --tcp --http=false --port 36364"]
  ports:
  - containerPort: 36364
    protocol: TCP
    name: web-36364
- name: centaur-34345-udp
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
  # using random http port to avoid conflict with processes on the host (there is no way to disable http port on netexec)
  command: ["/bin/bash", "-c", "/agnhost netexec --http-port 34358 --udp-port 34345 --udp-listen-addresses $(HOST_IP)"]
  ports:
  - containerPort: 34345
    protocol: UDP
    name: dns-34345
  env:
  - name: HOST_IP
    valueFrom:
      fieldRef:
        fieldPath: status.hostIP
- name: centaur-34346-udp
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
  # using random http port to avoid conflict with processes on the host (there is no way to disable http port on netexec)
  command: ["/bin/bash", "-c", "/agnhost netexec --http-port 34357 --udp-port 34346 --udp-listen-addresses $(HOST_IP)"]
  ports:
  - containerPort: 34346
    protocol: UDP
    name: dns-34346
  env:
  - name: HOST_IP
    valueFrom:
      fieldRef:
        fieldPath: status.hostIP
- name: centaur-9003
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
  command: ["/bin/bash", "-c", "/agnhost porter"]
  env:
  - name: SERVE_SCTP_PORT_9003
    value: "foo"
- name: centaur-9005
  image: registry.k8s.io/e2e-test-images/agnhost:2.45
  command: ["/bin/bash", "-c", "/agnhost porter"]
  env:
  - name: SERVE_SCTP_PORT_9005
    value: "foo"

This intersects with the default ephemeral port range > 32768.
This can cause an attempt to bind a port that is already used by another process and leads to test failure.

What you expected to happen:
Predictable behaviour for conformance tests.

How to reproduce it (as minimally and precisely as possible):
Bind one of the mentioned ports on a worker node and run a test.

Anything else we need to know?:

Labels: kind/bug (Categorizes issue or PR as related to a bug.)
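A pre-flight check for the conflict described in the issue, as an added example that is not part of the original post or the project's code: it extracts every port the hostNetwork containers bind and reports those that fall inside the node's ephemeral range and are not excluded by `net.ipv4.ip_local_reserved_ports`. The function names are hypothetical, the manifest excerpt is a constructed sample built from the lines quoted above, and the fallback range assumes stock Linux defaults.

```python
import re

# Constructed sample: the port-bearing lines of the manifest quoted in the issue.
MANIFEST = """\
command: ["/bin/bash", "-c", "/agnhost serve-hostname --tcp --http=false --port 36363"]
- containerPort: 36363
command: ["/bin/bash", "-c", "/agnhost serve-hostname --tcp --http=false --port 36364"]
- containerPort: 36364
command: ["/bin/bash", "-c", "/agnhost netexec --http-port 34358 --udp-port 34345 --udp-listen-addresses $(HOST_IP)"]
- containerPort: 34345
command: ["/bin/bash", "-c", "/agnhost netexec --http-port 34357 --udp-port 34346 --udp-listen-addresses $(HOST_IP)"]
- containerPort: 34346
- name: SERVE_SCTP_PORT_9003
- name: SERVE_SCTP_PORT_9005
"""

# Declared containerPorts, agnhost port flags, and porter's SERVE_SCTP_PORT_<n> env names.
PORT_RE = re.compile(r"containerPort:\s*(\d+)|--(?:http-|udp-)?port[ =](\d+)|SERVE_SCTP_PORT_(\d+)")

def manifest_ports(text):
    """Every port a hostNetwork container will try to bind on the node."""
    return sorted({int(g) for m in PORT_RE.finditer(text) for g in m.groups() if g})

def parse_ranges(spec):
    """Parse a sysctl-style list such as '34345-34358,36363' into (lo, hi) tuples."""
    out = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        out.append((int(lo), int(hi or lo)))
    return out

def conflicts(ports, ephemeral, reserved=""):
    """Ports inside the ephemeral range that the kernel may hand to another socket."""
    lo, hi = ephemeral
    res = parse_ranges(reserved)
    return [p for p in ports if lo <= p <= hi and not any(a <= p <= b for a, b in res)]

def node_settings(base="/proc/sys/net/ipv4/"):
    """Read the node's ephemeral range and reserved-port list."""
    try:
        with open(base + "ip_local_port_range") as f:
            lo, hi = map(int, f.read().split())
        with open(base + "ip_local_reserved_ports") as f:
            return (lo, hi), f.read().strip()
    except (OSError, ValueError):
        return (32768, 60999), ""  # assumption: stock Linux defaults

if __name__ == "__main__":
    eph, reserved = node_settings()
    print("ports at risk:", conflicts(manifest_ports(MANIFEST), eph, reserved))
```

The check also surfaces the helper HTTP ports 34357 and 34358, which netexec binds even though the manifest never declares them as `containerPort`.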