Allow configuring more than 1 remote peer #51

jewertow commented Sep 20, 2024

Our API allows configuring only 1 remote peer, but we want to connect more meshes. However, we must know the identity of the configured peers to determine where an instance of an exported service comes from, so we must also extend the Remote struct with the identity, which will include: trust domain, namespace, service account and service name. The first 3 properties are required to match the SPIFFE ID, and the last one is required to properly set the SNI in the destination rule for TLS origination.

The API should look as follows:

```yaml
federation:
  meshPeers:
    local:
      ...
    remote:
    - identity:
        trustDomain: cluster.west
        namespace: istio-system
        serviceAccount: federation-controller-west
        serviceName: federation-controller
      addresses:
      - 192.168.0.1
    - identity:
        trustDomain: cluster.east
        namespace: istio-system
        serviceAccount: federation-controller-east
        serviceName: federation-controller
      addresses:
      - 192.168.1.1
```

Alternatively, the identity could include spiffe and sni. Then it would be:

```yaml
federation:
  meshPeers:
    local:
      ...
    remote:
    - identity:
        spiffe: cluster.west/ns/istio-system/sa/federation-controller
        sni: federation-controller.istio-system.svc.cluster.west
      addresses:
      - 192.168.0.1
    - identity:
        spiffe: cluster.east/ns/istio-system/sa/federation-controller
        sni: federation-controller.istio-system.svc.cluster.east
      addresses:
      - 192.168.1.1
```

Note that the identities must be unique, so when we connect meshes using the same trust domain, the federation controllers must have a unique service account or namespace.

The server can determine the identity from the XFCC header set by the ingress gateway.
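As an added illustration (not code from this issue or the project), the Go snippet below sketches how the proposed identity fields could be turned into the SPIFFE ID and SNI, checked for uniqueness, and matched against the URI element of an XFCC header; the Identity type, its field names and the helper functions are assumptions, not the project's API.

```go
package main

import (
	"fmt"
	"strings"
)

// Identity mirrors the identity block of the proposed remote peer API (assumed field names).
type Identity struct{ TrustDomain, Namespace, ServiceAccount, ServiceName string }

// SpiffeID renders the identity the way Istio writes it in the XFCC URI element.
func (id Identity) SpiffeID() string {
	return fmt.Sprintf("spiffe://%s/ns/%s/sa/%s", id.TrustDomain, id.Namespace, id.ServiceAccount)
}

// SNI is the host name the DestinationRule must present when originating TLS to this peer.
func (id Identity) SNI() string {
	return fmt.Sprintf("%s.%s.svc.%s", id.ServiceName, id.Namespace, id.TrustDomain)
}

// ValidateUnique rejects configs where two peers share a SPIFFE ID, since their exported services could not be attributed.
func ValidateUnique(peers []Identity) error {
	seen := map[string]bool{}
	for _, p := range peers {
		id := p.SpiffeID()
		if seen[id] {
			return fmt.Errorf("duplicate remote peer identity %s", id)
		}
		seen[id] = true
	}
	return nil
}

// PeerFromXFCC reads the URI element of the last (nearest) certificate in an x-forwarded-client-cert
// value and returns the matching peer. Searching for the last "URI=" avoids splitting on commas in a quoted Subject.
func PeerFromXFCC(xfcc string, peers []Identity) (*Identity, error) {
	i := strings.LastIndex(xfcc, "URI=")
	if i < 0 {
		return nil, fmt.Errorf("no URI element in XFCC header")
	}
	uri := xfcc[i+len("URI="):]
	if j := strings.IndexAny(uri, ";,"); j >= 0 {
		uri = uri[:j] // drop trailing elements of this or later certificates
	}
	uri = strings.Trim(uri, `"`)
	for i := range peers {
		if peers[i].SpiffeID() == uri {
			return &peers[i], nil
		}
	}
	return nil, fmt.Errorf("client %s is not a configured remote peer", uri)
}
```

The sample XFCC value used when exercising this is constructed, not captured from a real gateway.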
