@shraddhabang
Collaborator

This PR implements two key components for the AWS Global Accelerator controller:

  1. Endpoint Loaders: Dynamically loads and resolves endpoints from Kubernetes resources
  2. Resource Monitoring: Watches referenced resources for changes to trigger reconciliation

Commit 1: [feat aga] Implement endpoint loader with DNS resolution

This commit implements the endpoint loading system for the AGA controller. It provides:

  • Dynamic loading of endpoints from Kubernetes resources (Services, Ingresses, Gateways)
  • DNS resolution to AWS load balancer ARNs
  • Efficient LRU caching with TTL-based invalidation
  • Detailed error reporting and status tracking
  • Comprehensive unit tests

The endpoint loader enables GlobalAccelerator resources to reference Kubernetes objects and automatically resolve them to the appropriate AWS resources.

Commit 2: [feat aga] Implement resource monitoring for referenced resources

This commit implements the resource monitoring system for the AGA controller. It provides:

  • Dynamic watching of referenced Kubernetes resources
  • Event handling to trigger reconciliation when resources change
  • Only watches resources that are actively referenced
  • Reference tracking between resources and GlobalAccelerators
  • Efficient watch management with cleanup for unreferenced resources
  • Unit tests for all monitoring components

This monitoring system ensures that when a referenced resource changes (e.g., a Service gets a new load balancer), the GlobalAccelerator is automatically reconciled to use the updated endpoint.

Note on temporary limitations for cross-namespace references

We want to allow references to Kubernetes resources (Services, Ingresses, Gateways) that exist in different namespaces from the GlobalAccelerator CR itself. This enables more flexible architectural patterns but requires careful security considerations. We will implement this later, as we will need to come up with a proper cross-namespace reference system keeping security concerns in mind. For now, in the current implementation, cross-namespace references are detected but only result in a warning. This means:

  • The references won't work (the endpoint is marked as warning)
  • The GlobalAccelerator CR won't be rejected

@k8s-ci-robot requested a review from shuqz on November 18, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: shraddhabang

@k8s-ci-robot added labels on Nov 18, 2025:

  • cncf-cla: yes (Indicates the PR's author has signed the CNCF CLA.)
  • approved (Indicates a PR has been approved by an approver from all required OWNERS files.)
  • size/XXL (Denotes a PR that changes 1000+ lines, ignoring generated files.)

)

// DNSResolver resolves load balancer DNS names to ARNs
type DNSResolver struct {

Can we call this DNSToArnResolver or DNSToLoadBalancerResolver? "DNS Resolver" makes me think we're mapping a DNS name to IP addresses, which is not what we're doing here.


// AddConsumer adds a consumer (GlobalAccelerator) to the watcher
func (w *ResourceWatcher) AddConsumer(consumerID string) {
w.consumers.Insert(consumerID)
Collaborator

I am thinking we should add a mutex to protect consumers from concurrent access.
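
One way the locking suggested in the review comment above could look, as an added example that is not code from this PR. The `mu` field, the map-based set (the PR's snippet calls `w.consumers.Insert`, so its set type differs), `RemoveConsumer`, `addConcurrently` and the `demo-ns/ga-N` IDs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// ResourceWatcher is a hypothetical stand-in for the PR's type; its fields are assumed.
type ResourceWatcher struct {
	mu        sync.Mutex
	consumers map[string]struct{} // IDs of GlobalAccelerators referencing this resource
}

// AddConsumer registers a consumer under the lock; the zero value is usable.
func (w *ResourceWatcher) AddConsumer(consumerID string) {
	w.mu.Lock()
	defer w.mu.Unlock()
	if w.consumers == nil {
		w.consumers = make(map[string]struct{})
	}
	w.consumers[consumerID] = struct{}{}
}

// RemoveConsumer returns how many consumers remain; 0 means unreferenced.
func (w *ResourceWatcher) RemoveConsumer(consumerID string) int {
	w.mu.Lock()
	defer w.mu.Unlock()
	delete(w.consumers, consumerID)
	return len(w.consumers)
}

// addConcurrently adds n constructed IDs from n goroutines; unlocked, this races.
func addConcurrently(w *ResourceWatcher, n int) int {
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(id int) {
			defer wg.Done()
			w.AddConsumer(fmt.Sprintf("demo-ns/ga-%d", id))
		}(i)
	}
	wg.Wait()
	w.mu.Lock()
	defer w.mu.Unlock()
	return len(w.consumers)
}

func main() { fmt.Println(addConcurrently(&ResourceWatcher{}, 100)) }
```

Running the same loop against an unguarded map under `go run -race` reports the data race that the lock removes.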
