feat(xds): Add ExtAuthzClientInterceptor and related components
This PR sits on top of https://github.com/grpc/grpc-java/pull/12495, so only the last commit + any fixups need to be reviewed.
This commit introduces the client-side implementation of the external authorization filter.
The main component is the ExtAuthzClientInterceptor, which intercepts outgoing RPCs and performs external authorization checks. It uses a BufferingAuthzClientCall to buffer the outgoing RPC until the authorization decision is received from the authorization service.
I tried using DelayedClientCall, but that's a final class with a protected constructor, which made extending it to start a background call slightly difficult.
The following new classes are introduced:
- ExtAuthzClientInterceptor: The main client interceptor for external authorization.
- BufferingAuthzClientCall: A ClientCall implementation that buffers requests until an authorization decision is made.
- CallBuffer: A helper class for BufferingAuthzClientCall to manage the buffered calls.
- FailingClientCall: A utility ClientCall that immediately fails, used when the filter is disabled and configured to deny calls.
This commit also includes comprehensive unit and integration tests for the new components.
- [ ] #12491 feat(xds): Update Envoy proto definitions and add ExtAuthz gRPC service
- [ ] #12492 feat(xds): Add configuration objects for ExtAuthz and GrpcService
- [ ] #12493 feat(xds): Implement request builder for external authorization
- [ ] #12494 feat(xds): Add header mutations library
- [ ] #12495 feat(xds): Implement response handling for external authorization
- [x] #12496 feat(xds): Add ExtAuthzClientInterceptor and related components
- [ ] TBD: PR_LINK feat(xds): Add ExtAuthzServerInterceptor and tests
- [ ] TBD: PR_LINK feat(xds): Add ExternalAuthorizationFilter
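
The buffer-until-decision behaviour described above, as an added sketch that is not code from this PR or from grpc-java: every call operation is queued until a verdict arrives, then replayed in order on allow or dropped on deny so no request bytes leave before authorization. `BufferUntilDecidedCall` and `onDecision` are hypothetical names; the `io.grpc` types are the public grpc-java API.

```java
import io.grpc.ClientCall;
import io.grpc.Metadata;
import io.grpc.Status;
import java.util.ArrayDeque;
import java.util.Queue;

// Added sketch, not the PR's BufferingAuthzClientCall. Class and method names are hypothetical.
// Production code should deliver onClose on the call executor and bound the buffer size.
final class BufferUntilDecidedCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
  private final ClientCall<ReqT, RespT> delegate;
  private final Queue<Runnable> pending = new ArrayDeque<>(); // guarded by this
  private Listener<RespT> listener;  // guarded by this
  private boolean passThrough;       // true once the call has been allowed
  private Status failure;            // non-null once denied, or cancelled while undecided
  BufferUntilDecidedCall(ClientCall<ReqT, RespT> delegate) { this.delegate = delegate; }

  // Hypothetical hook: invoked with the authorization service's verdict.
  synchronized void onDecision(boolean allow) {
    if (passThrough || failure != null) return;  // only the first decision counts
    if (!allow) { fail(Status.PERMISSION_DENIED.withDescription("denied by external authorization")); return; }
    passThrough = true;
    for (Runnable op; (op = pending.poll()) != null; ) op.run();  // replay in original order
  }

  // Fail closed: buffered headers and messages are dropped and never reach the transport.
  private void fail(Status status) {  // caller holds the lock
    failure = status;
    pending.clear();
    if (listener != null) listener.onClose(status, new Metadata());
  }

  private synchronized void runOrBuffer(Runnable op) {
    if (passThrough) op.run();
    else if (failure == null) pending.add(op);  // after a failure, further operations are no-ops
  }

  @Override public synchronized void start(Listener<RespT> l, Metadata headers) {
    listener = l;
    if (failure != null) { l.onClose(failure, new Metadata()); return; }  // decided before start
    runOrBuffer(() -> delegate.start(l, headers));
  }
  @Override public void request(int n) { runOrBuffer(() -> delegate.request(n)); }
  @Override public void sendMessage(ReqT msg) { runOrBuffer(() -> delegate.sendMessage(msg)); }
  @Override public void halfClose() { runOrBuffer(delegate::halfClose); }
  @Override public synchronized void cancel(String message, Throwable cause) {
    if (passThrough) delegate.cancel(message, cause);
    else if (failure == null) fail(Status.CANCELLED.withDescription(message).withCause(cause));
  }
}
```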