Commit

api: useForRouting field in JWT
Add a field called `useForRouting` that signals to Envoy Gateway
that the headers generated from the claims are used to make routing
decisions

Internally this field will be used to
* insert a catch-all route with a 404 direct response
identical to envoyproxy#2586 which
makes sure the jwt filter with `claimToHeader` is applied before
recomputing routing decision
* enable `clear_route_cache` to recompute routing decision
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/jwt_authn/v3/config.proto#extensions-filters-http-jwt-authn-v3-jwtprovider

Relates to envoyproxy#2452

Signed-off-by: Arko Dasgupta <[email protected]>
arkodg committed Feb 14, 2024
1 parent b97e5ab commit 1574f42
Showing 3 changed files with 13 additions and 1 deletion.
4 changes: 4 additions & 0 deletions api/v1alpha1/jwt_types.go
Expand Up @@ -85,6 +85,10 @@ type ClaimToHeader struct {
// (eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
// to separate the JSON name path.
Claim string `json:"claim"`

// UseForRouting must be enabled if this header generated from the claim should be used for
// route matching decisions
UseForRouting *bool `json:"useForRouting,omitempty"`
}

// JWTExtractor defines a custom JWT token extraction from HTTP request.
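Review bot: the doc comment on `UseForRouting` does not say what an unset value means. The field is `*bool` with `omitempty`, so it can be left out, yet the comment only says it "must be enabled" for route matching. State the default explicitly (for example "Defaults to false.") and, going by the commit message, say that when it is not enabled the header is written after the routing decision has already been made, so a route match on that header has no effect. If this API package uses kubebuilder markers, a `// +optional` line above the field would also make the optionality explicit in the generated schema and docs. The comment is also missing its closing period.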
9 changes: 8 additions & 1 deletion api/v1alpha1/zz_generated.deepcopy.go

1 change: 1 addition & 0 deletions site/content/en/latest/api/extension_types.md
Expand Up @@ -229,6 +229,7 @@ _Appears in:_
| --- | --- | --- | --- |
| `header` | _string_ | true | Header defines the name of the HTTP request header that the JWT Claim will be saved into. |
| `claim` | _string_ | true | Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type (eg. "claim.nested.key", "sub"). The nested claim name must use dot "." to separate the JSON name path. |
| `useForRouting` | _boolean_ | true | UseForRouting must be enabled if this header generated from the claim should be used for route matching decisions |


#### ClientIPDetectionSettings
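Review bot: the new `useForRouting` row carries `true` in its third column, the same value as the `header` and `claim` rows, but the Go field added in `api/v1alpha1/jwt_types.go` is `*bool` with `omitempty`, which makes it optional. If that column is the "Required" flag, this row should read `false`; if the table is generated from the Go types, the fix belongs on the field (an optional marker) followed by regenerating this file, not a hand edit here. The description should also state the behaviour when the field is omitted, so readers know whether claim-derived headers take part in route matching by default.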