
feat(transparent-proxy): handle option to drop invalid packets #10676

Draft
wants to merge 1 commit into master

bartsmykla
Contributor

Caution

This is WORK IN PROGRESS

This commit adds the ability to configure our transparent proxy to drop packets in invalid states, improving application stability by preventing
them from reaching the backend. This is particularly beneficial during
high-throughput requests where out-of-order packets might bypass DNAT.

  • New flag: --drop-invalid-packets allows enabling this behavior during installation.
  • New annotation: traffic.kuma.io/drop-invalid-packets allows configuration via deployments (including Kubernetes init containers and CNI).

Note: Enabling this option may introduce slight performance overhead. Weigh the trade-off between connection stability and performance before enabling it.

See also: https://kubernetes.io/blog/2019/03/29/kube-proxy-subtleties-debugging-an-intermittent-connection-reset/

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues
    • There are no relevant issues
  • This will not break child repos: it doesn't hardcode values (e.g. "kumahq" as an image registry) and it will work on Windows; system-specific functions like syscall.Mkfifo have an equivalent implementation on the other OS
    • It won't
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Do you need to update UPGRADE.md?
    • WIP
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)
    • There is no need

This commit adds the ability to configure our transparent proxy to drop
packets in invalid states, improving application stability by preventing
them from reaching the backend. This is particularly beneficial during
high-throughput requests where out-of-order packets might bypass DNAT.

- New flag: --drop-invalid-packets allows enabling this behavior during
  installation.
- New annotation: traffic.kuma.io/drop-invalid-packets allows
  configuration via deployments (including Kubernetes init containers
  and CNI).

Note: Enabling this option may introduce slight performance overhead.
Weigh the trade-off between connection stability and performance before
enabling it.

See also: https://kubernetes.io/blog/2019/03/29/kube-proxy-subtleties-debugging-an-intermittent-connection-reset/

Signed-off-by: Bart Smykla <[email protected]>
@bartsmykla bartsmykla force-pushed the feat/add-ability-to-configure-tproxy-to-drop-invalid-packets branch from 6f9c712 to 8cd132b Compare June 30, 2024 07:14