Add support for backendref service appProtocol

[bjee19]

Proposed changes

Add support for backendref service appProtocol

Problem: Users who want to specify the appProtocol on a Service port should correctly have checks in place so traffic does not flow to those services that do not have the matching appProtocol.

Solution: Mark BackendRefs on routes that cannot send traffic using the specified protocol as invalid and support new NewRouteBackendRefUnsupportedProtocol condition.

Testing: Manually tested changes work and added unit tests.

Manual test cases verified:

HTTPRoute with h2c on works
HTTPRoute with h2c off correctly shows invalid protocol condition, generates nginx conf which points route to invalid backendRef, and correctly returns 500 status code when sending traffic
HTTPRoute with ws works
HTTPRoute with wss and a corresponding backendTLSPolicy correctly shows valid condition generates correct nginx conf, traffic flows
HTTPRoute with wss and no backendTLSPolicy correctly shows invalid protocol condition, generates nginx conf which points route to invalid backendRef, and correctly returns 500 status code when sending traffic

GRPCRoute with h2c on works
GRPC with h2c off correctly shows unsupported configuration condition, generates nginx conf which points route to invalid backendRef. (This is a different condition because the route cannot attach to the gateway).
GRPCRoute with ws correctly shows unsupported protocol condition, generates nginx conf which points route to invalid backendRef
GRPCRoute with wss correctly shows unsupported protocol condition, generates nginx conf which points route to invalid backendRef

TLSRoute with h2c correctly shows unsupported protocol condition, generates nginx conf whichh points to connection closed server
TLSRoute with ws correctly shows unsupported protocol condition, generates nginx conf which points to connection closed server
TLSRoute with wss works

Use this chart as reference for supported protocol -> route type. https://gateway-api.sigs.k8s.io/geps/gep-1911/#supporting-protocols

Closes #2945

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING doc
• I have added tests that prove my fix is effective or that my feature works
• I have checked that all unit tests pass after adding my changes
• I have updated necessary documentation
• I have rebased my branch onto main
• I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

Add support for appProtocol on BackendRefs which point to a Kubernetes Service with a specified appProtocol on the target Service Port.

[codecov]

Codecov Report

Attention: Patch coverage is 92.85714% with 7 lines in your changes missing coverage. Please review.

Project coverage is 86.81%. Comparing base (f032685) to head (dfc6066).

Files with missing lines	Patch %	Lines
internal/controller/state/conditions/conditions.go	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3511      +/-   ##
==========================================
+ Coverage   86.78%   86.81%   +0.03%     
==========================================
  Files         127      127              
  Lines       15079    15169      +90     
  Branches       62       62              
==========================================
+ Hits        13086    13169      +83     
- Misses       1841     1848       +7     
  Partials      152      152              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bjee19]

Still debugging one conformance test HTTPRouteBackendProtocolH2C which I don't think is affected by these changes; it's failure is either product related or conformance test related. In the meanwhile, the PR is ready for review.

[sjberman]

How about the H2C test?

[sjberman]

Oh, just saw your comment above.

[sjberman]

I'm assuming it's not test related, because there are multiple other implementations that support it.

[bjee19]

Yea most likely not, but it also feels like the appProtocol tests aren't too fleshed out, and I'm looking into some stuff where the request the test makes doesn't actually have a host. And it kind of makes sense when the conformance test errors with status code 400, which is a "Bad request". But i'll keep looking into it.