[backport] cherry-pick commit 15e46da to release-v1.2

[nshankar13]

Fix ingress backend SAN's, which were getting the trust domain appended to the provided SAN.
This adds an e2e test to catch that going forward.
This also switches the internal builders to use the principal (trust domain appended) vs the identity (no trust domain)

Description: Cherry pick commit 15e46da from PR #4914 to release-v1.2 branch to fix ingressBackend bug.

This will fix #5042, which is a bug in release-v1.2.

Testing done:

Affected area:

Functional Area
New Functionality	[ ]
CI System	[ ]
CLI Tool	[ ]
Certificate Management	[ ]
Control Plane	[ ]
Demo	[ ]
Documentation	[ ]
Egress	[ ]
Ingress	[ ]
Install	[ ]
Networking	[ ]
Observability	[ ]
Performance	[ ]
SMI Policy	[ ]
Security	[ ]
Sidecar Injection	[ ]
Tests	[ ]
Upgrade	[ ]
Other	[ ]

Please answer the following questions with yes/no.

1. Does this change contain code from or inspired by another project?

   • Did you notify the maintainers and provide attribution?

2. Is this a breaking change?

3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)?

[SanyaKochhar]

Could you format the commit/PR title/description specifying the commit that is being backported? Some examples:
openservicemesh/osm-docs#408
openservicemesh/osm-docs#151

[codecov-commenter]

Codecov Report

Merging #5063 (1493cfa) into release-v1.2 (893ff87) will increase coverage by 0.01%.
The diff coverage is 93.93%.

❗ Current head 1493cfa differs from pull request most recent head cf37976. Consider uploading reports for the commit cf37976 to get more accurate results

@@               Coverage Diff                @@
##           release-v1.2    #5063      +/-   ##
================================================
+ Coverage         68.64%   68.65%   +0.01%     
================================================
  Files               220      220              
  Lines             15944    15941       -3     
================================================
  Hits              10944    10944              
+ Misses             4948     4945       -3     
  Partials             52       52              

Flag	Coverage Δ
unittests	68.65% <93.93%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/identity/types.go	74.07% <0.00%> (-5.93%)	⬇️
pkg/catalog/catalog.go	91.30% <100.00%> (+1.30%)	⬆️
pkg/catalog/inbound_traffic_policies.go	94.90% <100.00%> (ø)
pkg/catalog/ingress.go	96.26% <100.00%> (-0.04%)	⬇️
pkg/envoy/lds/rbac.go	80.35% <100.00%> (-0.68%)	⬇️
pkg/envoy/rbac/policy.go	100.00% <100.00%> (ø)
pkg/envoy/rds/route/rbac.go	92.85% <100.00%> (-0.70%)	⬇️
pkg/trafficpolicy/trafficpolicy.go	96.15% <100.00%> (ø)
pkg/certificate/manager.go	77.51% <0.00%> (+0.80%)	⬆️
... and 1 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[shalier]

@nshankar13 should be able to rebase with main to get rid of the G114 and revive lint errors

[shashankram]

@nshankar13 could you confirm if this is the root cause of the issue described in #5042? I can see how that issue could be related to the fix here.

[nshankar13]

@shashankram yes this is the PR that will fix the authenticated principal and trustdomain problem causing the issue in #5042. I believe this fix was made even before release-v1.2 but the commit was missed for cherry-picking.

[shashankram]

@shashankram yes this is the PR that will fix the authenticated principal and trustdomain problem causing the issue in #5042. I believe this fix was made even before release-v1.2 but the commit was missed for cherry-picking.

Thanks for confirming. Could you reference issue #5042 in your PR description so that it's clear this backport is necessary to fix a bug in release-v1.2.

[keithmattix]

Approving pending the description change requested by Shashank

[nshankar13]

@shashankram @keithmattix updated PR description.