Dns: respecting DNS TTL (#18408)

Changes the DNS cache to respect the advertised TTL, modulo a floor of 5s.
That part of the change is runtime guard. The part which is not, is that the backoff is done on a per-host basis not a global basis, so if one endpoint fails to resolve, it won't result in others backing off, and if one succeeds it won't result in changing backoff for failed hosts.

Risk Level: Medium
Testing: new unit tests
Docs Changes: inline
Release Notes: inline
Optional Runtime guard: envoy.reloadable_features.use_dns_ttl

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Mirrored from https://github.com/envoyproxy/envoy @ bebd3e2c4700fb13132a34fcfa8b82b439249f3b

envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto

@@ -55,16 +55,12 @@ message DnsCacheConfig {
   config.cluster.v3.Cluster.DnsLookupFamily dns_lookup_family = 2
       [(validate.rules).enum = {defined_only: true}];
 
-  // The DNS refresh rate for currently cached DNS hosts. If not specified defaults to 60s.
+  // The DNS refresh rate for unresolved DNS hosts. If not specified defaults to 60s.
-  //
-  // .. note:
-  //
-  //  The returned DNS TTL is not currently used to alter the refresh rate. This feature will be
-  //  added in a future change.
-  //
-  // .. note:
   //
   // The refresh rate is rounded to the closest millisecond, and must be at least 1ms.
+  //
+  // Once a host has been resolved, the refresh rate will be the DNS TTL, capped
+  // at a minimum of 5s.
   google.protobuf.Duration dns_refresh_rate = 3
       [(validate.rules).duration = {gte {nanos: 1000000}}];