Expose envoy's `retry_policy` configuration to jwt authentication.

[david-rusnak]

Hello all!

I use contour to fetch jwks for auth, but my jwk provider is unreliable, so I've tried to bump the timeout and cache duration in order to hold on to a valid jwk for longer to try and mitigate this issue. I see that envoy exposes the ability to configure a retry policy, but contour doesn't. That led me to this sentence in the design doc for jwt verification:

## Non Goals
- JWT verification for requests to non-TLS enabled virtual hosts.
- Exposing all possible Envoy configuration settings.
- Supporting end-to-end OAuth2/OIDC flows.

Is this something the maintainers would even accept? I have some work that works towards including this configuration option, but I don't want to continue if this sentiment is still strong.

Thank you!

[github-actions]

Hey @david-rusnak! Thanks for opening your first issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on Contour. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

[david-rusnak]

Bumping this, is this something that the team would be ok with having exposed?

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all Issues.

This bot triages Issues according to the following rules:

• After 60d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the Issue is closed

You can:

• Mark this Issue as fresh by commenting
• Close this Issue
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack