What

To support adding external auth to your application when using Gateway API via Istio as the provider, we should look to add an Istio specific extension to the HTTPFilter that allows an external auth service to use to be specified. This is effectively leveraging the same behaviour as the CUSTOM AuthorizationPolicy but reducing the amount of configuration needed by the developer

Example use case

As a developer leveraging gateway API to manage ingress and routing rules, I would like to specify an Auth provider to use that has been configured by my cluster administrator as a envoyExtAuthzGrpc provider. I would like the context of my HTTPRoute to be used to reduce the amount of configuration I have to manage (IE what workloads to use, which routes/paths to apply the external auth call).