How to categorize this PR?

/area scalability
/kind enhancement

What this PR does / why we need it:
When L7 was introduced with PR #11085 it did not include support for SPDY which is the old streaming protocol in Kubernetes. Websocket is the future protocol which is enabled by default since Kubernetes v1.31.0 (see this blog entry for more information). Thus, L7 load balancing could be enabled for Kubernetes >=v1.31.0 only.

Later, we found out that the Kubernetes Conformance tests require SPDY support until Kubernetes v1.33.0. Additionally, some of our own implementation using streaming APIs had to be adapted (see #8810 (comment)).
We decided to add SPDY support to allow users a smooth transition to websockets and pass the Conformance test when the feature is active.

This PR implements SPDY support and is following this suggestion to create a custom route configuration and a custom (envoy) cluster with no HTTP2 support in order to support upgrading the connection to SPDY.

Given the circumstances that we are using istio, there are two different options.

• Create the configuration entirely with EnvoyFilters
• Use Istio objects and add the missing parts via EnvoyFilters

This PR follows the latter approach.
It uses EnvoyFilter to disable HTTP2 and to set the correct upgrade configs. Both cannot be done via Istio objects. Apart from that, the existing Istio configuration is used in a slightly adapted way.

Which issue(s) this PR fixes:
Part of #8810

Special notes for your reviewer:
/cc @ScheererJ @DockToFuture @hendrikKahl

Release note:

L7 load balancing is supporting the SPDY protocol for streaming APIs too.

L7 load balancing can now be enabled independently from the Kubernetes version of the shoot when `IstioTLSTermination` feature gate is enabled on the seed.