Wasm failureMode
https://github.com/Kuadrant/wasm-shim/blob/main/src/configuration.rs#L490-L495 defines what to do when the GRPC request with limitador returns an error. To be clear, when limitador returns OVER_LIMIT in the RateLimitResponse struct of the GRPC response, this is not considered as an error.
So when there is an error returned by the GRPC access:
failureMode: allow => The http request resumes the filter chain. So the request is allowed to be routed to destination. In other words, when limitador is down, the traffic is still being routed and not rate limited.
failureMode: deny => Envoy returns 500 Internal Server Error to the downstream client. This is the value hardcoded in latest 0.10.0 and earlier versions. In other words, when limitador is down, the traffic is not being routed and upstream backend does not get traffic from envoy (from that listener).
The ask is to expose this behavior at the kuadrant level.
Option 1: In the kuadrant spec
Option 2: An annotation in the kuadrant CR
Option 3: Per policy (so some attribute at the policy level). Related work: Wasm refactor Kuadrant/wasm-shim#87
Note that if ExtAuth is being handled by wasm, we might want to expose two attributes independently: one for rate limiting, another one for auth. So, for example, one could allow traffic when rate limiting is unavailable and disable traffic routing when external auth is not available (more critical in that sense).
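
As an added illustration (not code from wasm-shim or from this issue), the sketch below models the behaviour described above with an independent failure mode per external service, so auth can fail closed while rate limiting fails open. All type and function names are hypothetical, and the 429 and 403 rejection statuses are assumptions; only the 500 on a gRPC error comes from the issue text.

```rust
// Added illustration; names are hypothetical and do not mirror wasm-shim's types.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum FailureMode { Allow, Deny }

/// Result of one gRPC call to an external service.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum CallOutcome {
    Ok,        // service answered and accepted the request
    Rejected,  // service answered and refused (e.g. OVER_LIMIT): a valid response, not an error
    GrpcError, // the gRPC access itself returned an error (e.g. service down)
}

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Action {
    Continue,     // resume the filter chain and route upstream
    Respond(u16), // stop and answer the downstream client with this status
}

pub struct Service {
    pub name: &'static str,
    pub failure_mode: FailureMode,
    pub reject_status: u16, // assumed values: 429 for rate limiting, 403 for auth
}

/// Evaluate the services in order; the first one that stops the request wins.
pub fn decide(chain: &[(Service, CallOutcome)]) -> Action {
    for (svc, outcome) in chain {
        match (*outcome, svc.failure_mode) {
            (CallOutcome::Ok, _) => continue,
            (CallOutcome::Rejected, _) => return Action::Respond(svc.reject_status),
            // Fail open: the error is ignored and this control is silently skipped.
            (CallOutcome::GrpcError, FailureMode::Allow) => continue,
            // Fail closed: 500 to the client, nothing reaches the upstream backend.
            (CallOutcome::GrpcError, FailureMode::Deny) => return Action::Respond(500),
        }
    }
    Action::Continue
}

fn main() {
    // Constructed scenario: auth is healthy, the rate limit service is down.
    let chain = [
        (Service { name: "auth", failure_mode: FailureMode::Deny, reject_status: 403 }, CallOutcome::Ok),
        (Service { name: "ratelimit", failure_mode: FailureMode::Allow, reject_status: 429 }, CallOutcome::GrpcError),
    ];
    for (svc, outcome) in &chain {
        println!("{}: {:?} with failureMode {:?}", svc.name, outcome, svc.failure_mode);
    }
    println!("decision: {:?}", decide(&chain));
}
```

With failureMode allow on rate limiting, an outage of the rate limit service leaves traffic flowing without limits, so that state is worth alerting on rather than treating as healthy.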