fix(MeshHTTPRoute): allow "kuma.io/unresolved-backend" service name for GAMMA compliance

[bartsmykla]

Normally, service names cannot contain forward slashes ("/"). However, there are exceptions during resource conversion:

• Gateway API to Kuma MeshHTTPRoute Conversion When converting an HTTPRoute from Gateway API to a MeshHTTPRoute (Kuma's resource definition), there might be situations where the targeted backend reference cannot be found. In such cases, Kuma sets the service name to "kuma.io/unresolved-backend". This name includes a forward slash, but it's allowed as an exception to handle unresolved references.

Checklist prior to review

• Link to relevant issue as well as docs and UI issues
  • No relevant issues
• This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as a image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS
  • It won't
• Tests (Unit test, E2E tests, manual test on universal and k8s)
  • Manually tested
  • Don't forget ci/ labels to run additional/fewer tests
• Do you need to update UPGRADE.md?
  • There is no need
• Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)
  • There is no need

[lahabana]

I think this value seems weird. Weakening validation seems pretty risky to me... what's @michaelbeaumont 's opinion?

[bartsmykla]

@lahabana that's how it currently work for MeshGatewayRoute's (re. 97552c1) and according to code, that's how it should work for GAMMA (it doesn't because validation is not allowing to convert HTTPRoutes to MeshHTTPRoutes when targeted backend is not found)

What could be done is what @michaelbeaumont suggested here:

A different option would be to mark a backend explicitly as missing endpoints, as opposed to a special tag value:

backends:
  - unresolvedEndpoints: true
  - destination:
      kuma.io/service: some-working-backend

[michaelbeaumont]

Yeah, the option as Bart pointed out would work. I wouldn't look at it as weakening validation per se, it's just to allow us to use a reserved string, same as we do for keys. Is there another way to prevent a collision with a real service?

[bartsmykla]

We can switch this behavior in following up PR. I would vote for merging this as currently when HTTPRoute is targeting GAMMA resources with non-existing backendRefs, our validation webhook just refuses the conversion (which is incorrect).