chore: add test for EG cert rotation #4944

Draft: wants to merge 12 commits into main

guydc (Contributor) commented Dec 17, 2024

What type of PR is this?

What this PR does / why we need it:
In #4481, TLS config loading was changed to load the latest certs when a new client connection is established:

return loadConfig()

This effectively made it possible to rotate certificates without restarting the xds runner.

This PR adds an e2e test that rotates Envoy Gateway/Envoy certificates and verifies that:

  • Clients using rotated certs are able to connect to EG (which picks up the new cert). EG XDS is exposed with LB SVC for convenience.
  • Envoy's SSL Context metrics indicate that a certificate was rotated for the XDS cluster
  • New configuration is programmed successfully after rotation.
  • Envoy is restarted to terminate existing connections to XDS, and programming still works (using the new certificate for the XDS connections).

Also: improve stability of case preservation test by using a converging assertion.

Which issue(s) this PR fixes:

Relates to #4891

Release Notes: No
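
The per-connection reload the description refers to, as an added example that is not code from this PR or from Envoy Gateway: a Go TLS listener with no static certificate re-reads the key pair from disk on every handshake, so a client connecting after rotation is shown the new certificate without a restart. The `GetConfigForClient` hook, the file names `tls.crt` and `tls.key`, the host name `xds.test` and all function names are assumptions; the page shows only `return loadConfig()`.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"os"
	"time"
)

func must[T any](v T, err error) T { // example helper: abort on any setup error
	if err != nil {
		panic(err)
	}
	return v
}
func writePair(dir string, serial int64) { // constructed self-signed pair -> dir/tls.crt, dir/tls.key
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), DNSNames: []string{"xds.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))
	must(0, os.WriteFile(dir+"/tls.crt", pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600))
	der = x509.MarshalPKCS1PrivateKey(key)
	must(0, os.WriteFile(dir+"/tls.key", pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}), 0o600))
}

func RotateAndObserve(dir string) (first, second int64) { // serial each new client was shown
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{ // no static certificate configured
		GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { // runs per handshake
			pair, err := tls.LoadX509KeyPair(dir+"/tls.crt", dir+"/tls.key")
			return &tls.Config{Certificates: []tls.Certificate{pair}}, err
		}}))
	defer ln.Close()
	go http.Serve(ln, nil) // any accept loop works; net/http drives each server-side handshake
	observe := func(serial int64) int64 { // rotate on disk, then connect trusting only the new pair
		writePair(dir, serial)
		pool := x509.NewCertPool()
		pool.AppendCertsFromPEM(must(os.ReadFile(dir + "/tls.crt")))
		c := must(tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "xds.test"}))
		defer c.Close()
		return c.ConnectionState().PeerCertificates[0].SerialNumber.Int64()
	}
	return observe(1), observe(2)
}
func main() { fmt.Println(RotateAndObserve(must(os.MkdirTemp("", "xds-certs")))) }
```

The hook only affects new handshakes; a connection established before the rotation keeps the certificate it negotiated, which is why the test described above also restarts Envoy to force fresh XDS connections.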

codecov bot commented Dec 17, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.76%. Comparing base (8dbe6e0) to head (f4bcf7f).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4944      +/-   ##
==========================================
- Coverage   66.77%   66.76%   -0.02%     
==========================================
  Files         209      209              
  Lines       32383    32383              
==========================================
- Hits        21625    21619       -6     
- Misses       9458     9463       +5     
- Partials     1300     1301       +1     


@guydc guydc force-pushed the e2e-eg-cert-reload branch 2 times, most recently from d2ec736 to f98a4f6 Compare December 19, 2024 18:28
guydc added 4 commits January 8, 2025 11:44
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
@guydc guydc force-pushed the e2e-eg-cert-reload branch from f948654 to aac6ffb Compare January 8, 2025 17:45
@guydc guydc force-pushed the e2e-eg-cert-reload branch from 628e124 to 686eff9 Compare January 9, 2025 17:48