feat: add LoadBalancerSourceRanges and LoadBalancerClass

[MayorFaj]

Fixes #7334

What this PR does / why we need it

The Contour Gateway Provisioner had no way to configure two standard
Kubernetes Service fields on the provisioned Envoy Service:

• spec.loadBalancerSourceRanges — restricts inbound traffic to specific
  client CIDRs at the load balancer level
• spec.loadBalancerClass — selects a specific load balancer implementation

This PR exposes both fields through ContourDeployment.spec.envoy.networkPublishing,
following the same pattern used by existing fields (externalTrafficPolicy,
ipFamilyPolicy, serviceAnnotations).

Changes

API

• Added loadBalancerSourceRanges []string and loadBalancerClass *string
  to the NetworkPublishing struct in ContourDeployment
• Regenerated deep copy and CRD YAML

Provisioner

• Added both fields to EnvoyNetworkPublishing in the internal model
• Gateway controller maps the new params → model fields
• DesiredEnvoyService applies both fields, guarded inside the
  LoadBalancerService case only (they have no meaning for NodePort or ClusterIP)
• LoadBalancerServiceChanged tracks drift for both fields

Tests

• TestDesiredEnvoyService — asserts fields are set for LoadBalancerService
  and absent for NodePortService
• TestLoadBalancerServiceChanged — three new cases covering changed source
  ranges, unchanged (equal non-empty) source ranges, and changed class
• Gateway controller integration test — full path from ContourDeployment
  params to Service spec

Docs

• Added a YAML example and immutability note for loadBalancerClass to
  site/content/docs/main/config/gateway-api.md

[github-actions]

Hi @MayorFaj! Welcome to our community and thank you for opening your first Pull Request. Someone will review it soon. Thank you for committing to making Contour better. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

[MayorFaj]

@tsaarni , when ever you get the chance