xds: implement cluster metadata parsing for GCP Authentication filter (gRFC A83)

[Pranjali-2501]

This PR implements the xDS Cluster Metadata parsing logic as specified in gRFC A83. This allows the xDS client to extract and validate cluster metadata to configure the audience used by GCP Authentication filter.

Changes

• GCP Authn Support: Added audienceConverter to parse envoy.extensions.filters.http.gcp_authn.v3.Audience protos.
• CDS Integration: Updated validateClusterAndConstructClusterUpdate to invoke metadata validation.
• Validation: Added strict validation for the url field; an empty URL in the audience metadata will now result in a NACK of the Cluster resource.
• Environment Variable: Metadata parsing for GCP Authn is guarded by the GCPAuthenticationFilterEnabled environment variable.

RELEASE NOTES: N/A

[codecov]

Codecov Report

❌ Patch coverage is 73.33333% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.54%. Comparing base (aa4d281) to head (116d346).
⚠️ Report is 17 commits behind head on master.

Files with missing lines	Patch %	Lines
internal/xds/xdsclient/xdsresource/metadata.go	55.55%	2 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #9044      +/-   ##
==========================================
- Coverage   83.02%   81.54%   -1.49%     
==========================================
  Files         413      413              
  Lines       33229    33448     +219     
==========================================
- Hits        27589    27275     -314     
- Misses       4221     4270      +49     
- Partials     1419     1903     +484     

Files with missing lines	Coverage Δ
internal/xds/xdsclient/xdsresource/type_cds.go	12.24% <ø> (-38.78%)	⬇️
...nternal/xds/xdsclient/xdsresource/unmarshal_cds.go	72.65% <100.00%> (-16.68%)	⬇️
...nternal/xds/xdsclient/xdsresource/unmarshal_eds.go	91.77% <ø> (-4.44%)	⬇️
internal/xds/xdsclient/xdsresource/metadata.go	52.94% <55.55%> (-28.88%)	⬇️

... and 33 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Pranjali-2501]

/gemini review

[gemini-code-assist]

Code Review

This pull request implements support for the GCP Authentication filter (gRFC A83) by adding a new environment variable and an audience metadata converter. It refactors metadata parsing into a shared, exported function and adds a metadata field to cluster updates. Feedback highlights a documentation copy-paste error and suggests expanding the metadata parsing guard in the CDS unmarshaller to ensure compatibility with the HTTP Connect feature.