Closed
Description
auth_policy is to configure mutual TLS for data plane. Since 0.8, this can be done via authentication policy. To have a more consistent experience, it's better to remove this config flag.
For new users, we will have only one YAML file to install Istio (i.e., install Istio without mTLS). Customers can then add an AuthN policy (and destination rule) to enable mTLS for namespace(s) or per-service (we can also provide a global policy, see issue #4027).
For old users, we will need to provide a tool to convert the flag into the corresponding authn policies and destination rules. Again, note that this has to be done for all applicable namespaces.
Implementation details: the default destination rule won't need to infer from the auth_policy flag any more.
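The per-namespace pair of resources the description refers to, as an added example that is not part of the original issue or the Istio project's own manifests. The namespace `foo` and the resource names are hypothetical, and the wildcard host is an assumption about how the destination rule is scoped to the namespace's services.

```yaml
# Server side: workloads in namespace "foo" accept only mutual TLS.
# A policy with no targets applies to every service in its namespace.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: foo-mtls            # hypothetical name
  namespace: foo            # hypothetical namespace
spec:
  peers:
  - mtls: {}
---
# Client side: sidecars calling services in "foo" originate mutual TLS
# using Istio-issued certificates. Without this rule, clients keep
# sending plaintext and requests fail once the policy above is active.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: foo-mtls            # hypothetical name
  namespace: foo
spec:
  host: "*.foo.svc.cluster.local"   # assumed scope: all services in "foo"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```

The two resources have to be applied together for each namespace being converted: a policy without the matching destination rule breaks traffic, and a destination rule without the policy leaves the server side accepting whatever it accepted before.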