feat: support route rule in SecurityPolicy target

[kkk777-7]

What this PR does / why we need it:
It allows to target only a specific route rule in a Security Policy.

According to the Gateway API specification: https://gateway-api.sigs.k8s.io/geps/gep-2648/#section-names

• If the target resource does not have the section name specified by the policy, the policy attachment will fail.
• If multiple policies are attached to the same section name, they are processed according to the standard conflict resolution rules.
• When multiple Policies of the same type target the same object, one with a sectionName and one without, the more specific policy will have its entire spec applied to the named section. The less specific policy will have its spec applied to all other sections of the target that are not targeted by any other more specific policies.

overriding/merging strategy

overrides are applied in the following order of precedence:
Route Rule > xRoute > Listener > Gateway
(Due to the third rule of the Gateway API specification above, the combination of Route Rule/xRoute and Listener/Gateway can also be interpreted as a merge.)

Related Issue

#4085
remain issue open as all policies have not been addressed.

[codecov]

Codecov Report

Attention: Patch coverage is 93.93939% with 10 lines in your changes missing coverage. Please review.

Project coverage is 71.17%. Comparing base (b58edd7) to head (938c9f1).

Files with missing lines	Patch %	Lines
internal/gatewayapi/securitypolicy.go	93.93%	9 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6335      +/-   ##
==========================================
+ Coverage   71.12%   71.17%   +0.05%     
==========================================
  Files         220      220              
  Lines       37971    38056      +85     
==========================================
+ Hits        27005    27086      +81     
- Misses       9393     9396       +3     
- Partials     1573     1574       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[zhaohuabing]

Hi @kkk777-7 thanks for working on this - this PR looks great!

Could you please also add an e2e test to verify the route rule level SecurityPolicy? (you could update an existing SP test, such as basic auth or API key auth, to set the SP at route rule level)

[zhaohuabing]

/retest

[kkk777-7]

@zhaohuabing
thanks for review!
I've added e2e test, please check when you have a moment.

[arkodg]

if we dont support 4 levels of replacement for other policies like BTP and EEP, can we raise a GH issue to track that work ?

[zhaohuabing]

@arkodg 👉 #4085

[arkodg]

LGTM thanks

[arkodg]

thanks @kkk777-7, would be great if we can have 1 testdata showing 4 level replace