Add file `mode` to `Pipe` listeners

[franklin-stripe]

Title: Add file mode to Pipe listeners

Description:
Envoy can be configured with Unix domain socket listeners via the Pipe Address type. By default, these sockets are created such that only the file owner can read and write to them, and the typical umask of 0022 prevent access from group or world. We have a use case where we'd like to grant fine-grain access to individual Pipe listeners (either via group- or world-permissive configurations)

It'd be nice if Pipes could be configured individually for what mode permissions they should be created with. This would allow users to have fine-grain permissions per-listener, rather than working around it with a broad umask change.

[mattklein123]

Sounds reasonable to me.

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[stale]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

[madeddie]

This sounds like a great idea and we need it (running envoy as user envoy on a non-dockerized load)

[mattrobenolt]

This would be really useful to have. Or some implementation of being able to configure user/group and mode on the unix sockets. Similar to how haproxy would do it, etc.

There have also been multiple tickets for this so I didn't want to open another, but it's a shame that these are being auto closed for being stale. :( So I'm adding a louder +1 here mostly in hopes of this getting re-opened.

@alyssawilk maybe? Since you're in the OWNERS.md for listeners? :)

[mattklein123]

Reopening and marking help wanted.

[mattrobenolt]

Thanks @mattklein123. <3

[athampy]

I can pick this up