Revert "ext_authz: make the ext_authz filter a dual filter (#29173)" (#29779)

This reverts commit 9918a0a06deaf0cb3c935566523ab3fdd7a2bab1.

Signed-off-by: Eugene Chan <eugenechan@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 15f38ada69c055f1800671eda7ac727ca4666540

envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto

@@ -78,7 +78,6 @@ message ExtAuthz {
   // 3. At least one ``authorization response header`` is added to the client request, or is used for
   // altering another client request header.
   //
-  // It is an error to set this field when the filter is configured on an upstream filter chain.
   bool clear_route_cache = 6;
 
   // Sets the HTTP status that is returned to the client when the authorization server returns an error
@@ -136,8 +135,6 @@ message ExtAuthz {
   //
   // When this field is true, Envoy will include the peer X.509 certificate, if available, in the
   // :ref:`certificate<envoy_v3_api_field_service.auth.v3.AttributeContext.Peer.certificate>`.
-  //
-  // It is an error to set this field when the filter is configured on an upstream filter chain.
   bool include_peer_certificate = 10;
 
   // Optional additional prefix to use when emitting statistics. This allows to distinguish
@@ -187,8 +184,6 @@ message ExtAuthz {
   //
   // When this field is true, Envoy will include the SNI name used for TLSClientHello, if available, in the
   // :ref:`tls_session<envoy_v3_api_field_service.auth.v3.AttributeContext.tls_session>`.
-  //
-  // It is an error to set this field when the filter is configured on an upstream filter chain.
   bool include_tls_session = 18;
 }