http rate limit filter v3: add support for failure_mode_deny runtime overrides (#39942)

<!--
!!!ATTENTION!!!

If you are fixing *any* crash or *any* potential security issue, *do
not*
open a pull request in this repo. Please report the issue via emailing
[email protected] where the issue will be triaged
appropriately.
Thank you in advance for helping to keep Envoy secure.

!!!ATTENTION!!!

For an explanation of how to fill out the fields, please see the
relevant section
in
[PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md)
-->

Commit Message: add new `failure_mode_deny_percent` optional
RuntimeFractionalPercent field to the
`type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
`filter, so that if specified, its runtime value overrides the default
failure_mode_deny value
Additional Description: the change does not consider deprecating the
existing `failure_mode_deny` parameter
Risk Level: Low
Testing: adds unit tests, and manually tested behaviour with the
following Envoy config
```yaml
admin:
  profile_path: /tmp/envoy.prof
  access_log:
  - name: envoy.access_loggers.file
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
      path: /dev/null
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001

layered_runtime:
  layers:
    - name: admin
      admin_layer: {}

static_resources:
  listeners:
  - name: web
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 8100
    per_connection_buffer_limit_bytes: 32768
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          codec_type: AUTO
          stat_prefix: web_ratelimit
          http_filters:
          - name: envoy.filters.http.ratelimit
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
              domain: test_domain
              stat_prefix: test_ratelimit
              stage: 0
              failure_mode_deny_percent:
                runtime_key: ratelimit.failure_mode_deny_percent
                default_value:
                  numerator: 100
                  denominator: HUNDRED
              rate_limit_service:
                transport_api_version: V3
                grpc_service:
                  envoy_grpc:
                    cluster_name: ratelimit_service
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  host_rewrite_literal: www.envoyproxy.io
                  cluster: service_envoyproxy_io
              rate_limits:
                - actions:
                  - source_cluster: {}
                  - destination_cluster: {}

  clusters:
  - name: service_envoyproxy_io
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    load_assignment:
      cluster_name: service_envoyproxy_io
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: www.envoyproxy.io
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: www.envoyproxy.io

  - name: ratelimit_service
    connect_timeout: 1s
    type: STRICT_DNS
    protocol_selection: USE_CONFIGURED_PROTOCOL
    lb_policy: ROUND_ROBIN
    http2_protocol_options: {}
    load_assignment:
      cluster_name: ratelimit_service
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: 127.0.0.1
                port_value: 8080
```
Docs Changes: yes, inline with protos
Release Notes: yes
Platform Specific Features: no
Fixes #39928

---------

Signed-off-by: Álvaro Mongil <[email protected]>

Mirrored from https://github.com/envoyproxy/envoy @ 3eaa1d5ce7d3f932fb8d5eaad80d43ea653e9dbc

Author: update-envoy[bot]

envoy/extensions/filters/http/ratelimit/v3/rate_limit.proto

@@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Rate limit :ref:`configuration overview <config_http_filters_rate_limit>`.
 // [#extension: envoy.filters.http.ratelimit]
 
-// [#next-free-field: 16]
+// [#next-free-field: 17]
 message RateLimit {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.rate_limit.v2.RateLimit";
@@ -149,6 +149,24 @@ message RateLimit {
   // the fraction of requests to enforce rate limits on. And the default percentage of the
   // runtime key is 100% for backwards compatibility.
   config.core.v3.RuntimeFractionalPercent filter_enforced = 15;
+
+  // If set, this will override the failure_mode_deny parameter with a runtime fraction.
+  // If the runtime key is not specified, the value of failure_mode_deny will be used.
+  //
+  // Example:
+  //
+  // .. code-block:: yaml
+  //
+  //   failure_mode_deny: true
+  //   failure_mode_deny_percent:
+  //     default_value:
+  //       numerator: 50
+  //       denominator: HUNDRED
+  //     runtime_key: ratelimit.failure_mode_deny_percent
+  //
+  // This means that when the rate limit service is unavailable, 50% of requests will be denied
+  // (fail closed) and 50% will be allowed (fail open).
+  config.core.v3.RuntimeFractionalPercent failure_mode_deny_percent = 16;
 }
 
 message RateLimitPerRoute {