Listener config rejected is shown as warning instead of error

[MathiasEurostar]

Description:

When having duplicate API keys in the secret that is used by the security policy of a route, the config is listed as "accepted" in the manifest, but the logs of the gateway show a warning that contains an error:

[2025-04-09 02:29:35.230][1][warning][config] [source/extensions/config_subscription/grpc/grpc_subscription_impl.cc:138] gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) dm-gateway/dm-gateway/internal-gateway-https: Duplicated credential key: '...'

So this brings envoy in an invalid state where the config is actually not applied, but you think it does.
In our case we restarted envoy to debug something and it couldn't handle any message anymore due to the faulty config.

The above should be an error that blocks the accepting of the config.

Repro steps:

1. Create a security policy with a duplicate api key
2. Try doing a request: nothing will have changed (apart from the warnings in the logs)
3. Restart envoy
4. Now you get internal error on each request.

Environment:

envoy gateway v1.3.0 and v1.33.0 running on Kubernetes.

Logs:

(see above)

[arkodg]

this needs to be validated in the control plane, and rejected with an error that surfaces in the SecurityPolicy status

gateway/internal/gatewayapi/securitypolicy.go

Line 1054 in 3dbf9cc

func (t *Translator) buildAPIKeyAuth(

[gavinkflam]

/assign