[bp/v1.37] fix: use TextFormat for message-valued CEL attributes

[zhaohuabing]

Commit Message:

Envoy 1.37.0 updated protobuf from 29.3 to 33.2. That dependency change altered debug-string output semantics and broke behavior that worked in 1.36.x for ext_proc consumers parsing xds.virtual_host_metadata.

This behavior change was introduced in #42435 and #42827.

This PR switches message serialization from debug-string APIs to protobuf text-format APIs so message-valued CEL attributes are machine-parseable again, as recommended by protobuf programming guides. https://protobuf.dev/programming-guides/deserialize-debug

What broke in 1.37.0

• In both 1.36.x and 1.37.0, message-valued CEL results were stringified via ShortDebugString().
• In 1.36.x (protobuf 29.3), that output was parseable.
• In 1.37.0 (protobuf 33.2), debug strings are now prefixed with goo.gle/debugonly / goo.gle/debugstr, which is intentionally non-parseable as textproto.
• Result: ext_proc implementations that parse xds.virtual_host_metadata as textproto started failing after upgrading to 1.37.0.

Note: xds metadata attributes in ext_proc requests are not diagnostic log fields; they are machine-to-machine payload data consumed by external processors. External processors parse these values to make policy and routing decisions, so serialization must be stable and machine-readable by standard protobuf tooling. DebugString is a diagnostic format with no compatibility contract, and in protobuf 30+ it may include goo.gle/debug... prefixes that intentionally break parsing. For this path, protobuf TextFormat is the correct format, not debug serialization.

Example

Given virtual host metadata:

  {
    "metadata": {
      "filterMetadata": {
        "envoy-gateway": {
          "resources": [
            {
              "kind": "Gateway",
              "name": "eg",
              "namespace": "default",
              "sectionName": "http"
            }
          ]
        }
      }
    }
  }

Before (1.37.0 + protobuf 30+ path), ext_proc may receive:

goo.gle/debugonly filter_metadata { key: "envoy-gateway" value { ... } }

Parsing fails at token 1.

After this PR:

filter_metadata { key: "envoy-gateway" value { ... } }

This is protobuf text format and parses via TextFormat::ParseFromString(...).

Compatibility notes

• This restores 1.36.x-like effective behavior for ext_proc users (parseable metadata strings), while using the correct serialization API.
• Minor formatting differences vs 1.36.x debug output are possible (whitespace/order), but output is now stable machine-readable textproto.
• Scope includes other call sites using Expr::print(...) for message-valued CEL results (for example rate-limit descriptor CEL stringification).

Additional Description:
Risk Level: low
Testing: unit and integration test
Docs Changes:
Release Notes: yes
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #43466]
[Optional Deprecated:]
[Optional API Considerations:]

(cherry picked from commit 697e419)

[repokitteh-read-only]

CC @envoyproxy/runtime-guard-changes: FYI only for changes made to (source/common/runtime/runtime_features.cc).

🐱

Caused by: #43704 was opened by zhaohuabing.

see: more, trace.

[zhaohuabing]

/retest

[phlax]

lgtm, thanks @zhaohuabing

[shahar-h]

Hi, is there an ETA for 1.37.1 release?

[phlax]

next tuesday