Holistic approach to WAF

[mattklein123]

In the wake of the recent CVEs, it's become more clear that we need a holistic approach to WAF, primarily allowing for both blocking, blackholing, etc. both L4 and L7 traffic based on various input parameters.

We have various bits and pieces of this today including RBAC, IP tagging, but we need to look through the type of blocking actions that users want to perform and likely build explicit L4 and L7 WAF filters. We also need to think about how these filters would be dynamically populated with block rules via config, streaming API, etc.

[kprakasam]

@gkleiman I thought I messaged you about working on this, seems I did not, can you let me know when you have sometime so we can coordinate work on this and #10207.

[kprakasam]

Initial design doc https://docs.google.com/document/d/1z3DfT_u36EWjDQt_giEg2IjX-JChXpjKvYbdruUPnBs/edit?usp=sharing

[mattklein123]

Sorry for the long delay. At a high level this LGTM. My preference would be to start with a config proto only PR and we can discuss further there?