UNCLASSIFIED - NO CUI


Keycloak needs a DestinationRule for sticky sessions

Motivation

When Keycloak is running in HA, it's necessary for Istio to establish sticky sessions via the session cookie to ensure requests are served by the instance that's aware of the active session.

Docs: https://www.keycloak.org/server/reverseproxy

Docs: https://istio.io/latest/docs/reference/config/networking/destination-rule/#LoadBalancerSettings

Acceptance Criteria

  • When Keycloak is running in HA, all requests need to be sticky based on the session cookie.

Community contribution source: https://bigbanguniver-ft39451.slack.com/archives/C051A2BPS0K/p1751465651046639
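
A sketch of the DestinationRule this issue asks for, added here as an illustration and not taken from the Big Bang chart. The resource name, namespace and `host` are assumptions to be replaced with the deployed Keycloak Service; `AUTH_SESSION_ID` is the cookie the Keycloak reverse proxy documentation names for sticky sessions.

```yaml
# Added example, not the project's own manifest.
# metadata.name, metadata.namespace and spec.host are assumed values.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: keycloak-sticky-session          # assumed name
  namespace: keycloak                    # assumed namespace
spec:
  # Assumed in-cluster Service name for the Keycloak HTTP endpoint.
  host: keycloak-http.keycloak.svc.cluster.local
  trafficPolicy:
    loadBalancer:
      # Consistent hashing replaces the default load-balancing algorithm,
      # so every request carrying the same cookie value reaches the same pod.
      consistentHash:
        httpCookie:
          # Cookie Keycloak sets for the authentication session.
          name: AUTH_SESSION_ID
          # ttl is a required field; 0s makes any cookie that Envoy
          # generates itself a browser-session cookie.
          ttl: 0s
```

Affinity from consistent hashing is best effort: when Keycloak pods are added or removed the hash ring changes and some sessions are routed to a different instance, so the replicas still need their shared cache configured for HA.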