I have couple services in my namespace with common suffix to their labels and I would like to add the same Istio's AuthorizationPolicy to each (same rule, different source). I wonder if there is a way to write only one policy to all of them. The easiest way would be if spec.selector.matchLabels would except regex but IIUC this is not supported. Is there another way? Would adding a common label to the services would work? at what level that label should be? (service, deployment, pod) Thanks