Consider supporting `localJWKS` for JWT Authentication

[ChristianCiach]

Description:

Currently, you can use a SecurityPolicy to configure JWT authentication by configuring the remoteJWKS field of the JWTProvider.

There may be cases where a remote JWKS endpoint may not exist or may not be directly reachable.

Envoy itself seems to support the configuration of a local_jwks attribute as an inline string or by referencing a file. I think Envoy Gateway should support this, too; either directly as an attribute of type string or by referencing a ConfigMap.

(I don't personally need this feature at the moment, but since Envoy supports this use-case, I think it makes sense to post this as a feature request.)

[mt-inside]

+1 for this feature. If you're maintaining your own JWT PKI, it might not be convenient to have the JWKS hosted over HTTP. There can also be issues with firewalls in restrictive environments.

When previously using Istio ingress, my provisioning scripts generated the private key, JWKS, and some JWTs for admins, and built Istio's equivalent to SecurityPolicy with the JWKS in-line. It'd be great to enable that workflow in EG too.