GEP-3567: Gateway TLS Updates for HTTP Connection Coalescing

[robscott]

What would you like to be added:
As a follow up to the doc that's been discussed in previous community meetings, this GEP will propose the following changes:

1. Formalizing guidance for implementations to send HTTP 421 when we see mismatched requests
2. Adding Gateway API documentation that describes the problem and possible solutions
3. Adding a new status condition that will warn users when configuration with overlapping hostname configuration is present with a reference to the documentation created in step 2
4. Introduce new top-level TLS configuration, starting with client-cert validation

Although we will make every effort to get as many of these changes as possible into Gateway API v1.3, it's unlikely that all of them will fit into this release.

Why this is needed:
Our current TLS configuration can lead to confusing and inconsistent behavior across implementations. These problems are only made worse as we add client cert validation. This GEP aims to warn users about problematic configuration and provide a safer API surface.