Add support for OpenID Connect (OIDC)

[zhaohuabing]

What would you like to be added:
The ability to configure OpenID Connect (OIDC) authentication on a Gateway or an HTTPRoute.

Why this is needed:
OpenID Connect (OIDC) authentication is an authentication standard built on top of OAuth 2.0.
It enables client applications to rely on authentication that is performed by an OpenID Connect Provider (OP)
to verify the identity of a user. It's widely used in web applications and supported by Gateway implementations.

Existing Implementations:
Some existing data planes that support OIDC Authentication

• Envoy - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/oauth2_filter

Some existing control planes that support Basic Authentication

• Envoy Gateway - https://github.com/envoyproxy/gateway/blob/main/site/content/en/latest/user/oidc.md
• Ingress Nginx - https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/

This could be part of a fat SecurityPolicy, or a standalone OIDC policy, as mentioned in this comment: #2626 (reply in thread).

Relates to:

• proposal: SecurityPolicy envoyproxy/gateway#1845
• Add support for HTTP Basic Authentication #2626

[zhaohuabing]

This is how OIDC is supported with SecurityPolicy in Envoy Gateway:

apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: oidc-example
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute     # can target at Gateway or HTTPRoute
    name: backend
  oidc:
    provider:
      issuer: "https://accounts.google.com"                  
    clientID: "${CLIENT_ID}.apps.googleusercontent.com"
    clientSecret:
      name: "my-app-client-secret"