fix(status): align BackendTLSPolicy ResolvedRefs reason with Gateway API

[Aditya7880900936]

What type of PR is this?

fix: correct BackendTLSPolicy ResolvedRefs reason

---

What this PR does / why we need it:

Envoy Gateway was setting the ResolvedRefs=False condition reason to
InvalidKind for BackendTLSPolicy when a referenced CA certificate could
not be resolved.

According to Gateway API conformance and the BackendTLSPolicy specification,
this scenario must use the InvalidCACertificateRef reason. This PR updates
the status reason and adjusts golden test outputs to align with the expected
behavior.

---

Which issue(s) this PR fixes:

Fixes #7790

---

Release Notes: No

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.48%. Comparing base (2901f82) to head (96c0aab).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7793      +/-   ##
==========================================
- Coverage   72.51%   72.48%   -0.03%     
==========================================
  Files         235      235              
  Lines       34857    34857              
==========================================
- Hits        25276    25266      -10     
- Misses       7775     7782       +7     
- Partials     1806     1809       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Aditya7880900936]

The conformance test failures appear to be related to GatewayClass acceptance timing (proxy-config not found / context deadline exceeded) and not BackendTLSPolicy behavior.

My change only affects BackendTLSPolicy status reason mapping and does not touch GatewayClass, EnvoyProxy, or control-plane startup logic.

Happy to re-run or adjust if maintainers think this is related.

[Aditya7880900936]

Hi @arkodg ,
just tagging you for a quick look when you get a chance.

This PR only updates the BackendTLSPolicy status reason mapping; the current failures appear to be unrelated conformance flakes.

Happy to rebase, rerun, or adjust based on your guidance. Thanks!

[Aditya7880900936]

Hi @zirain 👋

Apologies for the ping — just looking for a quick sanity check when you get a chance.

This PR aligns BackendTLSPolicy ResolvedRefs status reason with the Gateway API spec.
The current CI failures appear to be unrelated conformance flakes (GatewayClass / proxy startup timing), not caused by this change.

I’ve added context above and can re-run or rebase if needed.
Thanks for taking a look!