Support Listener Isolation

[pleshakov]

Listener isolation means that for a request with the host header X, it can only match routing rules from a single listener, the most specific listener that hostname X.

This is clarified here https://github.com/kubernetes-sigs/gateway-api/blob/cdc85ca46615905238674c535239cac163c21c13/apis/v1/gateway_types.go#L173-L178

As you can see, listener isolation is SHOULD, not MUST.

In our implementation, routing rules for the hostname X can be spread across multiple listeners, as long as the hostname field of those listeners includes X. This means a request header with X will mach across multiple listeners, which violates listener isolation.

This issue further clarifies the problem kubernetes-sigs/gateway-api#2416 including some edge cases (which we don't support).

Acceptance criteria:

• Support listener isolation (it makes sense to do that once conformance tests are defined for it)

Dev Notes:

• Conformance test should have been merged here.

[mpstefan]

Waiting for conformance tests to be completed in Gateway API to implement this one.

[mpstefan]

#2416 is complete in the Gateway Sig repo. Unblocking this.