Title: Add an option to the rate limit filter config to deny traffic on rate limit RPC service failures
Description:
Currently, if external rate limit requests fail, requests continue through the filter chain. This "fail open" design is a reasonable default so APIs remain available during rate limit service maintenance or failures.
However, for a very sensitive data service, we'd prefer to "fail closed" and not expose the service to non-rate-limited traffic.
The ext_authz filter has this concept with the failure_mode_allow boolean.
Relevant links:
https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2alpha/ext_authz.proto#envoy-api-msg-config-filter-http-ext-authz-v2alpha-extauthz
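
The difference between the two failure modes described in this issue, as an added illustration (not code from the issue or from Envoy): a constructed trace of rate limit service results is replayed in both modes, counting how many requests reach the upstream without a rate limit decision. The option name `failure_mode_deny`, the type names, and the 429/500 status codes are assumptions made for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Result of one call to the external rate limit service (illustrative names).
enum class RlsResult { Ok, OverLimit, Error };
enum class Action { Continue, Reject429, Reject500 };

struct Stats {
  uint32_t forwarded = 0; // requests that reached the upstream
  uint32_t rejected = 0;  // requests answered locally by the filter
  uint32_t unmetered = 0; // forwarded without a rate limit decision
};

// failure_mode_deny is a hypothetical option name, the inverse of
// ext_authz's failure_mode_allow. Status codes are assumptions.
Action decide(bool failure_mode_deny, RlsResult result) {
  switch (result) {
  case RlsResult::Ok:
    return Action::Continue;
  case RlsResult::OverLimit:
    return Action::Reject429;
  case RlsResult::Error:
    return failure_mode_deny ? Action::Reject500 : Action::Continue;
  }
  return Action::Reject500; // unknown result: deny
}

// Constructed trace: the service answers, fails three times, then recovers.
std::vector<RlsResult> sampleTrace() {
  return {RlsResult::Ok, RlsResult::Ok, RlsResult::OverLimit, RlsResult::Error,
          RlsResult::Error, RlsResult::Error, RlsResult::Ok};
}

Stats replay(bool failure_mode_deny, const std::vector<RlsResult>& trace) {
  Stats s;
  for (RlsResult r : trace) {
    if (decide(failure_mode_deny, r) == Action::Continue) {
      ++s.forwarded;
      if (r == RlsResult::Error) ++s.unmetered; // counter worth alerting on
    } else {
      ++s.rejected;
    }
  }
  return s;
}

int main() {
  for (bool deny : {false, true}) {
    Stats s = replay(deny, sampleTrace());
    std::printf("failure_mode_deny=%d forwarded=%u rejected=%u unmetered=%u\n",
                deny, s.forwarded, s.rejected, s.unmetered);
  }
}
```

In fail-open mode the `unmetered` count is the exposure the issue describes; a counter like it is useful to alert on even when the default is kept.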