Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set via ClientTrafficPolicy

[zhaohuabing]

@zhaohuabing should we only disable h2 if ALPN is unset, and consider using user intent if both are set ? while flagging it in status ? referring to @arminabf's case

Agree. Disabling HTTP2 without notice could surprise users, and this behavior isn’t consistent with what the ClientTrafficPolicy is intended to enforce.

another stronger decision (will be a breaking change) is to reject the CTP if ALPN is set to h2 for this case, it will atleast be caught earlier before promoting the config to prod

I prefer the previous solution - this one mixes CTP APLN settings with the cert conflicts in the listener, which makes it difficult to explain in the CTP status with a clean message.

Originally posted by @zhaohuabing in #6126