why do we need implied allow egress rule for Backend instances?

I’m glad you’re checking your understanding, here!  The story for this implied-allow-egress rule is exactly the same as for the implied-deny-ingress one: as I say at 10:45, "I’ve just listed that rule here, to make it explicit, but me adding this line has no impact whatsoever on what actually happens.  This is what Google does automatically, even if you don’t do anything." 🙂