quic: Adding QUIC listener option to reject new connections (#36070)

Commit Message: Implementing reject_new_connections QUIC listener
option.
Additional Description: The goal is to implement a mechanism to
configure the bootstrap to reject H3 traffic as early as possible in the
QUIC layer. This is done by replying to the client with an empty QUIC
version negotiation packet to leverage the incompatible version
negotiation logic from RFC 9368. This feature is off by default.
Risk Level: Low
Testing: UTs
Docs Changes: N/A
Release Notes: added new_features/quic note

---------

Signed-off-by: Ricardo Perez <ripere@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 88543c9c37f389ff6d2650bb7aae211563ab0485

envoy/config/listener/v3/quic_config.proto

@@ -25,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: QUIC listener config]
 
 // Configuration specific to the UDP QUIC listener.
-// [#next-free-field: 13]
+// [#next-free-field: 14]
 message QuicProtocolOptions {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.api.v2.listener.QuicProtocolOptions";
@@ -94,4 +94,9 @@ message QuicProtocolOptions {
   // If not specified, no cmsg will be saved to QuicReceivedPacket.
   repeated core.v3.SocketCmsgHeaders save_cmsg_config = 12
       [(validate.rules).repeated = {max_items: 1}];
+
+  // If true, the listener will reject connection-establishing packets at the
+  // QUIC layer by replying with an empty version negotiation packet to the
+  // client.
+  bool reject_new_connections = 13;
 }