xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213)#10619