Introducing per-service filtering

[eduser25]

Introduces per-destination filter-chain matching on outbound

This change will allow setting specific network filtering on per service
destination, which enables finer configuration per-service level,
as well as the use of different network filters to allow not only L7 traffic
through.

Additional benefits:

• Since we are filtering all permitted traffic, we can generalize and filter
  any remaining traffic as Egress (when enabled), which simplifies Egress
  to not need a CIDR anymore. (TODO: cleanup CIDR flags/code)
• Additional work that might benefit from it: per-service route table
  on RDS, TCP routing, ....

Additionally:

• Fixing the listener tests required adding the long-awaited catalog mock.
  Will add more tests in subsequent commits.

• New Functionality [X]

• Control Plane [X]

• Networking [X]

• SMI Policy [X]

• Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?
  No

[eduser25]

Will also address setting Permissive to TCP proxy, we do have some drawbacks to take care of.

[eduser25]

Fixes for CI/demo expected values will need to be addressed

[codecov-commenter]

Codecov Report

Merging #1725 into main will decrease coverage by 3.87%.
The diff coverage is 10.43%.

@@            Coverage Diff             @@
##             main    #1725      +/-   ##
==========================================
- Coverage   57.28%   53.40%   -3.88%     
==========================================
  Files         118      124       +6     
  Lines        5436     5065     -371     
==========================================
- Hits         3114     2705     -409     
- Misses       2319     2357      +38     
  Partials        3        3              

Impacted Files	Coverage Δ
pkg/catalog/mock_catalog.go	0.00% <0.00%> (ø)
pkg/envoy/lds/response.go	0.00% <0.00%> (ø)
pkg/envoy/lds/listener.go	39.70% <28.78%> (-50.82%)	⬇️
pkg/health/health.go	20.51% <0.00%> (-11.41%)	⬇️
pkg/debugger/index.go	20.00% <0.00%> (-8.58%)	⬇️
pkg/debugger/policy.go	53.84% <0.00%> (-6.16%)	⬇️
pkg/catalog/service.go	72.72% <0.00%> (-5.85%)	⬇️
cmd/cli/util.go	53.33% <0.00%> (-5.50%)	⬇️
pkg/catalog/repeater.go	80.00% <0.00%> (-5.19%)	⬇️
... and 117 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9104dbb...a6c478e. Read the comment docs.

[shashankram]

Looks good overall. I'll pull this change and test it.

[shashankram]

Maybe use a mapset instead.

[eduser25]

mapset is a map underneath, I imagine you want it for readability at this point; I personally dislike adding deps if not strictly needed - more so if those are not golang official packages

[shashankram]

for readability and helpers it provides. We already use it across the code.

[eduser25]

I know, and I never liked it. Want me to change it here though? I'm ok with either in any case

[shashankram]

not necessarily for this PR but in a follow-up would be good.