Update Istio Global templates to support multiple TLS certificates on the same gateway
Summary
Currently, the global istio controlplane templates do not enable users to configure two different TLS certificates for the same gateway (i.e. a unique `tls:` block for each unique `hosts:` list).
IronBank currently uses a single gateway for both *.dsop.io (legacy) and *.dso.mil, each of which has its own TLS certificate. To work around this limitation we are using a Kustomization resource to add our TLS secrets and are then assigning them to the correct gateway in the istio package chart values. It would be neat to not have to do that and instead leverage the `secret-tls.yaml` template to create secrets fed in through global BigBang values.
Solution
Attempted resolution in !1315 (merged), but the gist of it is:
- Update the default global values at `istio.gateways.<gateway-name>` to ingest a list of `servers` instead of `ports` (this will more closely match the pattern at the package level as well).
- Iterate through the supplied `servers.[*].tls` maps to create TLS secrets in `secret-tls.yaml` and index the names of these secrets so they can be matched to the correct gateway in `values.yaml`.
- Update `values.yaml` to cycle through the provided `$.Values.istio.gateways.<gateway-name>.servers` when defining the default package values and assign a `tls.credentialName` that matches the indexed name of the TLS secret created in `secret-tls.yaml`.
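A sketch of the values shape and the `secret-tls.yaml` loop the three steps above describe, added here as an illustration rather than the contents of !1315; the gateway name, port numbers, secret naming scheme and `istio-system` namespace are assumptions, and the PEM strings are placeholders:

```yaml
# Constructed example of the proposed global values (not the merged !1315 content).
# Each server entry carries its own hosts and its own TLS key/cert, so one gateway
# can terminate two certificates, one per hostname pattern.
istio:
  gateways:
    public:                      # assumed gateway name
      servers:
        - hosts:
            - "*.dso.mil"
          port:
            name: https-dso      # port names must be unique per gateway
            number: 8443
            protocol: HTTPS
          tls:
            key: "<PEM private key for *.dso.mil>"
            cert: "<PEM certificate chain for *.dso.mil>"
        - hosts:
            - "*.dsop.io"
          port:
            name: https-dsop
            number: 8443
            protocol: HTTPS
          tls:
            key: "<PEM private key for *.dsop.io>"
            cert: "<PEM certificate chain for *.dsop.io>"
---
# secret-tls.yaml: emit one kubernetes.io/tls Secret per server that supplies a
# tls map. The name is indexed by gateway name and server position so that
# values.yaml can compute the identical string for tls.credentialName.
{{- range $gwName, $gw := .Values.istio.gateways }}
{{- range $i, $server := $gw.servers }}
{{- if $server.tls }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $gwName }}-cert-{{ $i }}   # e.g. public-cert-0, public-cert-1
  namespace: istio-system             # assumed: must match the ingress gateway's namespace
type: kubernetes.io/tls
data:
  tls.crt: {{ $server.tls.cert | b64enc }}
  tls.key: {{ $server.tls.key | b64enc }}
{{- end }}
{{- end }}
{{- end }}
# values.yaml then sets, inside the same two loops, for each server:
#   tls:
#     mode: SIMPLE
#     credentialName: {{ $gwName }}-cert-{{ $i }}
```

Because the secret name is derived from the loop indices in both templates, a server with no `tls` map produces no Secret and no `credentialName`, so a misconfigured host fails at render time rather than at the gateway.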