global.outboundTrafficPolicy.mode 设置为 REGISTRY_ONLY 时，block_all路由和to_global_sidecar路由冲突

[hexiaodai]

Bug description

Affected sub-moudle (please put an X in all that apply)

[X ] Configuration Lazy Loading [ ] Http Plugin Management [ ] Adaptive Ratelimit [ ] Slime Boot

Steps to reproduce the bug

1. istioctl install --set meshConfig.outboundTrafficPolicy.mode=REGISTRY_ONLY
2. kubectl logs sleep-xxx -c istio-proxy rejected: Only a single wildcard domain is permitted in route 9080

block_all 路由和 to_global_sidecar 路由冲突

        "virtualHosts": [
            {
                "name": "block_all",
                "domains": [
                    "*"
                ],
                "routes": [
                    {
                        "name": "block_all",
                        "match": {
                            "prefix": "/"
                        },
                        "directResponse": {
                            "status": 502
                        }
                    }
                ],
                "includeRequestAttemptCount": true
            },
        ...
    ]

[hexiaodai]

https://istio.io/latest/blog/2019/monitoring-external-service-traffic/

[YonkaFang]

这个是已知场景，只是没想到就遇到了。

这么说需要把outboundTrafficPolicy传递给slime，从而决定该行为： 是替换allow_any还是block_all。