Ensure Envoy recommended edge proxy settings are set by default

[arkodg]

Description:
Ensure we are setting Envoy Edge Proxy settings by default to the values specified in https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge#configuring-envoy-as-an-edge-proxy

TCP proxies

• restrict access to the admin endpoint, Adds Envoy Bootstrap Config #206
• overload_manager,
• listener buffer limits to 32 KiB, feat: set tcp proxy listener buffer #1306
• cluster buffer limits to 32 KiB. feat: set tcp proxy cluster buffer #1325

HTTP proxies:

• use_remote_address to true (to avoid consuming HTTP headers from external clients, see HTTP header sanitizing for details) ensure use_remote_address is set #1029,
• connection and stream timeouts,
• HTTP/2 maximum concurrent streams limit and HTTP/3 maximum concurrent streams limit to 100 Added http best practices to hcm #1408
• HTTP/2 initial stream window size limit to 64 KiB, Added http best practices to hcm #1408
• HTTP/2 initial connection window size limit to 1 MiB. Added http best practices to hcm #1408
• headers_with_underscores_action setting to REJECT_REQUEST, to protect upstream services that treat ‘_’ and ‘-’ as interchangeable. Added http best practices to hcm #1408
• Listener connection limits.
• Global downstream connection limits. #1966

If Envoy is configured with RBAC filter or makes route selection based on URL path it is recommended to enable the following path normalization options to minimize probability of path confusion vulnerabilities. Path confusion vulnerabilities occur when parties participating in request use different path representations.

• Enable normalize_path setting. feat: set path normalization settings #1341
• Enable merge_slashes setting. feat: set path normalization settings #1341
• Additionally the path_with_escaped_slashes_action setting should be set feat: set path normalization settings #1341

[Xunzhuo]

I will work on it.