envoy postgres: support require downstream ssl

Commit Message: Support require downstream ssl in postgres filter. Once this value is set to true and client doesn't send ssl negotiation message, postgres will send back an error response and close connection. The behavior won't change for current users, because the default is set to false that downstream ssl is not required.

fix: https://github.com/envoyproxy/envoy/issues/31049 Additional Description: Risk Level: Low Testing: unit test and tested locally Docs Changes: changelogs/current.yaml Release Notes: Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional API Considerations:]

May 11 '25 23:05 Yuanguo-notebook

@cpakulski can you take a first look as the owner /wait

May 15 '25 18:05 kyessenov

Yes, I will review it. Thanks for reminding me!

May 15 '25 20:05 cpakulski

While we are figuring out how to move forward for invalid config, can I get a review of the rest of the PR? thanks

Jun 01 '25 17:06 Yuanguo-notebook

Quick bump here. Can I get another review? thanks

Jun 16 '25 02:06 Yuanguo-notebook

I will defer to @cpakulski for approval on this.

/wait-any

Jun 17 '25 02:06 mattklein123

LGTM. Please correct indicated comments. Other than that it looks really good. Thanks!

Thanks for reviewing! just updated to address all the comments.

Jun 19 '25 20:06 Yuanguo-notebook

Just found two minor wording problems. It looks great. Thanks!

updated!

Jun 21 '25 00:06 Yuanguo-notebook

Hi @mattklein123 , can I get a review from you? thank you!

Jun 21 '25 02:06 Yuanguo-notebook