Fedora SELinux policy offers an exemption tunable to allow a TCP connection
to external servers. This changes enables it for the bastion role.

Policy is defined in policy/modules/system/authlogin.te as is:
corenet_tcp_connect_http_port(login_pgm)

References:

• https://bugzilla.redhat.com/show_bug.cgi?id=841693
• https://github.com/fedora-selinux/selinux-policy/commit/944db72223a1d4137ad8470a4ded38441f97ac24

This configuration block is currently no-op in production, as we don't have
any Fedora bastion currently (CentOS is used for Docker engines, but these
are not intended to get bastion role).