[EOEPCA/IAM] Check behaviour and usability of ApisixUpstream

[w-scho]

There seem to be some oddities around ApisixUpstream that may require further attention.

In our local test environment, I tried the following:
I configured an HTTPS port (443) for Keycloak and changed the route so that it pointed to it. As expected, this broke the route, because APISIX tried to access the HTTPS port using HTTP.
I added an ApisixUpstream with scheme https. No effect. So the upstream does not seem to be honoured.
I changed the port in the route back to 80. The route is still broken, but now because APISIX tries to access the HTTP port using HTTPS. So the upstream config has now become effective.
I changed the port in the route to 443 again. Now the route works as expected.

So apparently a new (or modified?) ApisixUpstream does not seem to have an effect on a route until the route is modified. This is a bug IMO and may be extremely confusing in a declarative environment like K8s.
Additionally I noticed that scheme: https is only allowed on the global level, but not in a proxyLevelSettings section. They seem to have missed this when fixing apache/apisix#3430.
I also encountered this error: apache/apisix-ingress-controller#1996
It does not seem to stop the ApisixUpstream from working, but causes lots of useless warnings in the ingress controller logs. It might also be a reason for ApisixUpstreams not taking effect until a route is modified

[w-scho]

The observations have been integrated into the Ingress Configuration Guide within the scope of #69.