
feat(xds): Implement response handling for external authorization

Open sauravzg opened this issue 1 month ago • 0 comments

This PR sits on top of https://github.com/grpc/grpc-java/pull/12494, so only the last commit + any fixups need to be reviewed.

This commit introduces the CheckResponseHandler and AuthzResponse classes, which are responsible for processing responses from the external authorization service.

The CheckResponseHandler parses the CheckResponse protobuf, determines whether the request should be allowed or denied, and applies any header mutations specified in the response. It handles both OkHttpResponse and DeniedHttpResponse messages.

The AuthzResponse class is a value object that represents the outcome of the authorization check, encapsulating the decision (allow or deny), the status to be returned to the client (for deny decisions), and any header mutations.

The relevant section is: https://github.com/grpc/proposal/pull/481/files#diff-6bb76a24aa142cc33db9218509688f01b30c8885d2fd8849f164244e68cd54eaR252-R282

This commit also includes unit tests for the new components.

  • [] #12491 feat(xds): Update Envoy proto definitions and add ExtAuthz gRPC service
  • [] #12492 feat(xds): Add configuration objects for ExtAuthz and GrpcService
  • [] #12493 feat(xds): Implement request builder for external authorization
  • [] #12494 feat(xds): Add header mutations library
  • [x] #12495 feat(xds): Implement response handling for external authorization
  • [] TBD: PR_LINK feat(xds): Add ExtAuthzClientInterceptor and related components
  • [] TBD: PR_LINK feat(xds): Add ExtAuthzServerInterceptor and tests
  • [] TBD: PR_LINK feat(xds): Add ExternalAuthorizationFilter

sauravzg, Nov 11 '25 08:11
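
A sketch of the allow/deny handling described in this PR, added here as an illustration and not taken from the PR or from grpc-java: `Check`, `Outcome` and `handle` are hypothetical stand-ins for the CheckResponse message and the AuthzResponse value object. It assumes that a missing response or any non-OK status denies, that a deny never applies the OK response's header mutations, and that PERMISSION_DENIED is the default deny status.

```java
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added sketch with hypothetical types; not grpc-java's CheckResponseHandler or AuthzResponse.
public class ExtAuthzDecisionSketch {
  enum Decision { ALLOW, DENY }

  // Constructed stand-in for a CheckResponse: overall status code plus the fields of
  // whichever of the OK / denied sub-messages the authorization server filled in.
  record Check(int statusCode, Map<String, String> okSetHeaders,
               List<String> okRemoveHeaders, String deniedStatus) {}

  // Outcome value object: decision, status for the client (deny only), final headers.
  record Outcome(Decision decision, String clientStatus, Map<String, String> headers) {}

  static Outcome handle(Check resp, Map<String, String> requestHeaders) {
    // Header names are matched case-insensitively.
    Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    headers.putAll(requestHeaders);
    // Assumption: a missing response or any non-OK status (code != 0) is a deny, and a
    // deny never applies the OK-side mutations.
    if (resp == null || resp.statusCode() != 0) {
      String status = (resp == null || resp.deniedStatus() == null)
          ? "PERMISSION_DENIED" : resp.deniedStatus();  // assumed default
      return new Outcome(Decision.DENY, status, headers);
    }
    // Allow path. Ordering is this sketch's choice: removals first, then set/overwrite.
    for (String name : resp.okRemoveHeaders()) {
      headers.remove(name);
    }
    headers.putAll(resp.okSetHeaders());
    return new Outcome(Decision.ALLOW, null, headers);
  }

  public static void main(String[] args) {
    // Constructed sample inputs.
    Map<String, String> request =
        Map.of("authorization", "Bearer constructed-token", "x-debug", "1");
    Check ok = new Check(0, Map.of("x-authz-user", "alice"), List.of("X-Debug"), null);
    Check denied = new Check(16, Map.of("x-authz-user", "mallory"), List.of(), "UNAUTHENTICATED");
    System.out.println(handle(ok, request));      // allow path with one removal and one addition
    System.out.println(handle(denied, request));  // deny path; OK-side mutations are ignored
    System.out.println(handle(null, request));    // missing response
  }
}
```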