update-envoy[bot]

http: Support inferring X-Forwarded-Proto from PROXY protocol destination port (#43088)

When using Layer 4 load balancers (like AWS NLB) that terminate TLS and forward traffic using PROXY protocol, Envoy receives unencrypted traffic but needs to know the original protocol for correct redirect behavior.

This change adds a new HCM configuration option forwarded_proto_config that allows specifying which PROXY protocol destination ports should be treated as HTTPS or HTTP. When enabled and the local address was restored from PROXY protocol, the x-forwarded-proto header is set based on whether the destination port is in https_destination_ports or http_destination_ports.

Example configuration:

http_connection_manager:
  forwarded_proto_config:
    https_destination_ports: [443, 8443]
    http_destination_ports: [80, 8080]

Risk Level: Low - opt-in feature that only activates when explicitly configured and when localAddressRestored() is true
Testing: Added 6 unit tests in conn_manager_utility_test.cc covering port 443/80 mapping, unmapped ports, empty config, non-restored address, and custom ports
Docs Changes: N/A
Release Notes: Added
Platform Specific Features:
[Optional Runtime guard:]
Fixes #43031
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
API Considerations: Added new message ForwardedProtoConfig and field forwarded_proto_config (#61) to HttpConnectionManager. The configuration uses two repeated uint32 fields (https_destination_ports and http_destination_ports) for type-safe port specification without requiring string validation.


Signed-off-by: Prashanth Josyula <prashanth.16@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ f126920c1c3443175680bdc88c55116b979d396f
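
The port-to-scheme decision described in the commit message above, modelled as an added Python example (not code from Envoy or from this commit). The function names, the constructed PROXY protocol v1 sample line, and the choices to overwrite an existing header value and to leave unmapped ports untouched are assumptions.

```python
# Added illustration modelling the commit message's description; not Envoy code.
# All function and constant names are hypothetical.
from typing import Dict, Iterable, Optional

# Constructed sample: a PROXY protocol v1 line as a TLS-terminating L4 LB might send it.
SAMPLE_LINE = b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"


def parse_dest_port(line: bytes) -> Optional[int]:
    """Destination port from a PROXY v1 line, or None if no address is restored."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        return None
    parts = line[:-2].decode("ascii", errors="replace").split(" ")
    # Layout: PROXY <TCP4|TCP6> <src addr> <dst addr> <src port> <dst port>
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        return None  # covers "PROXY UNKNOWN", which carries no usable address
    port = parts[5]
    if not port.isdigit() or int(port) > 65535:
        return None
    return int(port)


def apply_forwarded_proto(headers: Dict[str, str], proxy_line: Optional[bytes],
                          https_ports: Iterable[int] = (),
                          http_ports: Iterable[int] = ()) -> Dict[str, str]:
    """Return a copy of headers with x-forwarded-proto set from the port lists.

    Assumptions: a mapped port overwrites whatever the client sent, and an
    unmapped port, an empty config or a non-restored address changes nothing.
    """
    out = dict(headers)
    port = parse_dest_port(proxy_line) if proxy_line else None
    if port is None:
        return out  # local address was not restored from PROXY protocol
    if port in https_ports:
        out["x-forwarded-proto"] = "https"
    elif port in http_ports:
        out["x-forwarded-proto"] = "http"
    return out


if __name__ == "__main__":
    print(apply_forwarded_proto({}, SAMPLE_LINE, [443, 8443], [80, 8080]))
```
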

3 months ago · 3425 commits

Data plane API

This tree hosts the configuration and APIs that drive Envoy. The APIs are also in some cases used by other proxy solutions that aim to interoperate with management systems and configuration generators that are built against this standard. Thus, we consider these a set of universal data plane APIs. See this blog post for more information on the universal data plane concept.

Repository structure

The API tree can be found at two locations:

Further API reading
