Description

Adds Istio integration tests with Upstreams.

Code changes

This introduces the following net new tests:

Override test for Istio integration with Upstream and automtls disabled for k8s Gateway resources (validated with disabled peer auth policy)
Override test for Istio integration with Upstream and automtls disabled for Edge Gateway resources (validated with disabled peer auth policy)
Upgrade test for Istio Integration with Upstream with sslConfig -> automtls for Edge Gateway resources
Downgrade test Istio Integration with Upstream with automtls -> sslConfig on Upstream for Edge Gateway resources

These can be added if we decide they are worthwhile:

Adding the SSL config via cli with glooctl istio enable-mtls --upstream httpbin-upstream, removing the SSL config with glooctl istio disable-mtls --upstream httpbin-upstream. Currently the tests directly apply the Upstream with sslConfig since discovery is disabled on the Istio tests. The original Istio regression tests were using discovery and editing the Upstream through the cli. This can cause flakes when updating the Upstream resource.
Sending constant traffic with a pod for the Upgrade/Downgrade tests. We can create a pod that sends traffic with:

          # Make sure target service is available
          while ! nc httpbin-$$TARGET_VERSION.httpbin 8000; do
            sleep 1
          done

          echo "Starting traffic generation from $$SERVICE_VERSION to $$TARGET_VERSION"

          # Every 5s send requests
          while sleep 5s; do

            hey -n 50 http://httpbin-$$TARGET_VERSION.httpbin.svc.cluster.local:8000/status/200 &>/dev/null
          done

I'm not sure how we'd want to assert that the traffic is consistently mtls here though.