policies: configurable engine mode (#682)

* policies: add policy_engine_mode field, defaults to MODE_ALL

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: add policy_engine_mode to API

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: add policy_engine_mode to forms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* policies: update default for new objects

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* docs: add to release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

website/docs/releases/next.md

@@ -2,7 +2,21 @@
 title: Next
 ---
 
-# TBD
+## Headline Changes
+
+- Configurable Policy engine mode
+
+    In the past, all objects, which could have policies attached to them, required *all* policies to pass to consider an action successful.
+    You can now configure if *all* policies need to pass, or if *any* policy needs to pass.
+
+    This can now be configured for the following objects:
+
+        - Applications (access restrictions)
+        - Sources
+        - Flows
+        - Flow-stage bindings
+
+    For backwards compatibility, this is set to *all*, but new objects will default to *any*.
 
 ## Upgrading