BackendTLSPolicy not attached when using sectionName in targetRefs #13732

@zigarn

Description

kgateway version

v2.3.0-main

Kubernetes Version

v1.35.0

Describe the bug

If you create a BackendTLSPolicy targeting a Service with SectionName in targetRefs, this BackendTLSPolicy is not attached and there is no status or event.

According to the spec (https://gateway-api.sigs.k8s.io/reference/1.4/spec/#localpolicytargetreferencewithsectionname), a sectionName in a Service targetRefs should be accepted, even if, for the moment, it should mostly have no effect (https://gateway-api.sigs.k8s.io/reference/1.4/spec/#backendtlspolicyspec: "Note that this config applies to the entire referenced resource by default, but this default may change in the future to provide a more granular application of the policy.") (but would make sense to apply to only the specified port already).

Expected Behavior

BackendTLSPolicy should be attached to the targeted Service.

Steps to reproduce the bug

  1. Follow the documentation https://kgateway.dev/docs/envoy/main/security/backend-tls/#in-cluster-service (or the fixed one in Fix Backend TLS documentation kgateway.dev#708)
  2. When creating the BackendTLSPolicy, add a sectionName: https in the manifest
  3. Check the status of the BackendTLSPolicy: there is none, not even "a ResolvedRefs or similar Condition" as documented in the specification in case of a bad SectionName
  4. If you remove the SectionName, then the BackendTLSPolicy is attached and status is showing it

Additional Environment Detail

No response

Additional Context

No response
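
An added example, not part of the original report or of kgateway's code: a Python check an operator could run over BackendTLSPolicy and Service objects exported as JSON to surface policies that were silently left unattached, as described above. It assumes the Gateway API policy status layout (`status.ancestors[].conditions`); the Service name `httpbin`, the helper `policy()` and all sample objects are constructed for illustration.

```python
def audit_backend_tls_policies(policies, services):
    """Return (namespace/name, finding) pairs for policies that look unattached or misreferenced."""
    ports = {  # (namespace, Service name) -> set of port names
        (s["metadata"]["namespace"], s["metadata"]["name"]):
            {p.get("name") for p in s["spec"].get("ports", [])}
        for s in services
    }
    findings = []
    for pol in policies:
        ns, name = pol["metadata"]["namespace"], pol["metadata"]["name"]
        key = f"{ns}/{name}"
        ancestors = pol.get("status", {}).get("ancestors", [])
        if not ancestors:  # the silent failure in this report: no status was ever written
            findings.append((key, "no status.ancestors: policy was never reported as attached"))
        for anc in ancestors:
            for cond in anc.get("conditions", []):
                if cond["type"] in ("Accepted", "ResolvedRefs") and cond["status"] != "True":
                    findings.append((key, f"{cond['type']}={cond['status']}: {cond.get('reason', '')}"))
        for ref in pol["spec"].get("targetRefs", []):
            section = ref.get("sectionName")
            if ref.get("kind") != "Service" or not section:
                continue
            known = ports.get((ns, ref["name"]))  # for a Service, sectionName is a port name
            if known is None:
                findings.append((key, f"target Service {ref['name']} not found"))
            elif section not in known:
                findings.append((key, f"sectionName {section!r} is not a port name of Service {ref['name']}"))
    return findings

# Constructed sample objects, shaped like items from `kubectl get ... -o json`.
SERVICES = [{"metadata": {"namespace": "default", "name": "httpbin"},
             "spec": {"ports": [{"name": "https", "port": 443}]}}]

def policy(name, section=None, status=None):
    ref = {"group": "", "kind": "Service", "name": "httpbin"}
    if section:
        ref["sectionName"] = section
    return {"metadata": {"namespace": "default", "name": name},
            "spec": {"targetRefs": [ref]}, "status": status or {}}

ATTACHED = {"ancestors": [{"conditions": [{"type": "Accepted", "status": "True", "reason": "Accepted"}]}]}
POLICIES = [policy("whole-service", status=ATTACHED),
            policy("with-section", section="https"),  # the case in this report: no status at all
            policy("bad-section", section="grpc", status=ATTACHED)]

if __name__ == "__main__":
    for key, finding in audit_backend_tls_policies(POLICIES, SERVICES):
        print(key, "->", finding)
```

A policy with an empty status is the one to investigate first: backend TLS settings that never attach are not applied to the upstream connection, and nothing in the cluster says so.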

Status

Done