perf(rules): add withNegation flag to simplify to policy flow (backport of #13151) (#13194)

Automatic cherry-pick of #13151 for branch release-2.9

Generated by
[action](https://github.com/kumahq/kuma/actions/runs/14056954185)

cherry-picked commit c3781d4

⚠️ ⚠️ ⚠️ Conflicts happened when cherry-picking!
⚠️ ⚠️ ⚠️
```
On branch release-2.9
Your branch is up to date with 'origin/release-2.9'.

You are currently cherry-picking commit c3781d4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   pkg/api-server/testdata/resources/inspect/dataplanes/_rules/overriding_meshtimeout.golden.json
	modified:   pkg/api-server/testdata/resources/inspect/dataplanes/_rules/resource_rule_meshtimeout_index.golden.json
	modified:   pkg/plugins/policies/core/matchers/egress.go
	modified:   pkg/plugins/policies/core/matchers/testdata/matchedpolicies/torules/03.golden.yaml
	modified:   pkg/plugins/policies/core/matchers/testdata/matchedpolicies/torules/03.policies.yaml
	modified:   pkg/plugins/policies/core/rules/testdata/rules/to/meshtimeout.golden.yaml
	modified:   pkg/plugins/policies/core/rules/testdata/rules/to/single-to.golden.yaml

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	both modified:   pkg/api-server/testdata/resources/inspect/dataplanes/_rules/meshhttproute.golden.json
	both modified:   pkg/plugins/policies/core/rules/rules.go
	deleted by us:   pkg/plugins/policies/core/rules/subsetutils/subset.go

```

---------

Signed-off-by: Ilya Lobkov <[email protected]>
Signed-off-by: Lukasz Dziedziak <[email protected]>
Co-authored-by: Lukasz Dziedziak <[email protected]>
Co-authored-by: Ilya Lobkov <[email protected]>

Author: 3 people

pkg/api-server/testdata/resources/inspect/dataplanes/_rules/meshhttproute.golden.json

@@ -39,7 +39,14 @@
          "backendRefs": [
           {
            "kind": "MeshServiceSubset",
-           "name": "backend_kuma-demo_svc_3001",
+           "name": "other-svc",
+           "tags": {
+            "version": "1.0"
+           }
+          },
+          {
+           "kind": "MeshServiceSubset",
+           "name": "other-svc-2",
            "tags": {
             "version": "1.0"
            }
@@ -53,14 +60,14 @@
       {
        "key": "kuma.io/service",
        "not": false,
-       "value": "backend_kuma-demo_svc_3001"
+       "value": "other-svc"
       }
      ],
      "origin": [
       {
        "labels": {},
        "mesh": "default",
-       "name": "the-http-route",
+       "name": "the-other-http-route",
        "type": "MeshHTTPRoute"
       }
      ]
@@ -81,14 +88,7 @@
          "backendRefs": [
           {
            "kind": "MeshServiceSubset",
-           "name": "other-svc",
-           "tags": {
-            "version": "1.0"
-           }
-          },
-          {
-           "kind": "MeshServiceSubset",
-           "name": "other-svc-2",
+           "name": "backend_kuma-demo_svc_3001",
            "tags": {
             "version": "1.0"
            }
@@ -102,14 +102,14 @@
       {
        "key": "kuma.io/service",
        "not": false,
-       "value": "other-svc"
+       "value": "backend_kuma-demo_svc_3001"
       }
      ],
      "origin": [
       {
        "labels": {},
        "mesh": "default",
-       "name": "the-other-http-route",
+       "name": "the-http-route",
        "type": "MeshHTTPRoute"
       }
      ]

pkg/api-server/testdata/resources/inspect/dataplanes/_rules/overriding_meshtimeout.golden.json

@@ -144,18 +144,7 @@
        "requestTimeout": "10s"
       }
      },
-     "matchers": [
-      {
-       "key": "kuma.io/service",
-       "not": true,
-       "value": "bar"
-      },
-      {
-       "key": "kuma.io/service",
-       "not": true,
-       "value": "foo"
-      }
-     ],
+     "matchers": [],
      "origin": [
       {
        "labels": {},

pkg/api-server/testdata/resources/inspect/dataplanes/_rules/resource_rule_meshtimeout_index.golden.json

@@ -45,17 +45,17 @@
    "toRules": [
     {
      "conf": {
-      "connectionTimeout": "7s",
-      "idleTimeout": "7s",
+      "connectionTimeout": "5s",
+      "idleTimeout": "5s",
       "http": {
-       "requestTimeout": "7s"
+       "requestTimeout": "5s"
       }
      },
      "matchers": [
       {
        "key": "kuma.io/service",
        "not": false,
-       "value": "backend-4"
+       "value": ""
       }
      ],
      "origin": [
@@ -69,17 +69,17 @@
     },
     {
      "conf": {
-      "connectionTimeout": "5s",
-      "idleTimeout": "5s",
+      "connectionTimeout": "7s",
+      "idleTimeout": "7s",
       "http": {
-       "requestTimeout": "5s"
+       "requestTimeout": "7s"
       }
      },
      "matchers": [
       {
        "key": "kuma.io/service",
        "not": false,
-       "value": ""
+       "value": "backend-4"
       }
      ],
      "origin": [

pkg/plugins/policies/core/matchers/egress.go

@@ -173,7 +173,7 @@ func processToRules(tags map[string]string, policies []core_model.Resource) (cor
 		}
 	}
 
-	rules, err := core_rules.BuildRules(toList)
+	rules, err := core_rules.BuildRules(toList, false)
 	if err != nil {
 		return core_rules.FromRules{}, err
 	}

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/torules/03.golden.yaml

@@ -8,7 +8,7 @@ Rules:
   - creationTime: "0001-01-01T00:00:00Z"
     mesh: mesh-1
     modificationTime: "0001-01-01T00:00:00Z"
-    name: mtp-2
+    name: mtp-3
     type: MeshTimeout
   - creationTime: "0001-01-01T00:00:00Z"
     mesh: mesh-1
@@ -25,12 +25,12 @@ Rules:
 - BackendRefOriginIndex: {}
   Conf:
     http:
-      requestTimeout: 3s
+      requestTimeout: 2s
   Origin:
   - creationTime: "0001-01-01T00:00:00Z"
     mesh: mesh-1
     modificationTime: "0001-01-01T00:00:00Z"
-    name: mtp-2
+    name: mtp-3
     type: MeshTimeout
   Subset:
   - Key: __rule-matches-hash__
@@ -39,37 +39,3 @@ Rules:
   - Key: kuma.io/service
     Not: false
     Value: test-server
-- BackendRefOriginIndex: {}
-  Conf:
-    http:
-      requestTimeout: 3s
-  Origin:
-  - creationTime: "0001-01-01T00:00:00Z"
-    mesh: mesh-1
-    modificationTime: "0001-01-01T00:00:00Z"
-    name: mtp-2
-    type: MeshTimeout
-  Subset:
-  - Key: __rule-matches-hash__
-    Not: false
-    Value: JNNc6//C3P17nUsOJm5f4kqG+U3v8pXhS0od9C3+oss=
-  - Key: kuma.io/service
-    Not: true
-    Value: test-server
-- BackendRefOriginIndex: {}
-  Conf:
-    http:
-      requestTimeout: 3s
-  Origin:
-  - creationTime: "0001-01-01T00:00:00Z"
-    mesh: mesh-1
-    modificationTime: "0001-01-01T00:00:00Z"
-    name: mtp-2
-    type: MeshTimeout
-  Subset:
-  - Key: __rule-matches-hash__
-    Not: true
-    Value: JNNc6//C3P17nUsOJm5f4kqG+U3v8pXhS0od9C3+oss=
-  - Key: kuma.io/service
-    Not: true
-    Value: test-server

pkg/plugins/policies/core/matchers/testdata/matchedpolicies/torules/03.policies.yaml

@@ -43,3 +43,16 @@ spec:
       default:
         http:
           requestTimeout: 3s
+type: MeshTimeout
+mesh: mesh-1
+name: mtp-3
+spec:
+  targetRef:
+    kind: Mesh
+  to:
+    - targetRef:
+        kind: MeshService
+        name: test-server
+      default:
+        http:
+          requestTimeout: 2s