alts: add ALTS config and integration test (#4559)

Last one for #3429, introduce ALTS config and add integration test.

Risk Level: Low (extension)
Testing: manual test, integration test, CI
Docs Changes: Done
Release Notes:
Fixes #3429.

Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ f9edb521ce641ee16cd59e756604d201a8ad3526

envoy/config/transport_socket/alts/v2alpha/BUILD

@@ -0,0 +1,11 @@
+load("//bazel:api_build_system.bzl", "api_proto_library")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_library(
+    name = "alts",
+    srcs = ["alts.proto"],
+    deps = [
+        "//envoy/api/v2/core:base",
+    ],
+)

envoy/config/transport_socket/alts/v2alpha/alts.proto

@@ -0,0 +1,20 @@
+syntax = "proto3";
+
+package envoy.config.transport_socket.alts.v2alpha;
+option go_package = "v2";
+
+// [#protodoc-title: ALTS]
+
+import "validate/validate.proto";
+
+// Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy.
+// https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/
+message Alts {
+  // The location of a handshaker service, this is usually 169.254.169.254:8080
+  // on GCE.
+  string handshaker_service = 1 [(validate.rules).string.min_bytes = 1];
+
+  // The acceptable service accounts from peer, peers not in the list will be rejected in the
+  // handshake validation step. If empty, no validation will be performed.
+  repeated string peer_service_accounts = 2;
+}