Encryption fixes, when setting the encrypt ctx->mark field we need to
skip resetting it with the source identity. Its not needed in the
encryption case anywasy because we already checked the endpoint is
remote before encoding encryption signal.

Next if fib lookup is not available we will discover the route at
init time and encode it in the ENCRYPT_IFACE define. If this field
is non-zero we should use it. Otherwise in some configurations
where there is not a route to egress in the main routing table
the packet will be dropped.

Fixes: 86db0fd ("cilium: encryption, use fib_lookup to rewrite dmac/smac")
Fixes: f25d8b9 ("bpf: Preserve source identity for hairpin via stack")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>

We observed in the K8sWatcher for "ciliumendpoints" the call
ConvertToCiliumEndpointAddFunc was taking an endpoint event with a
valid Encryption field and converting it to '0'.

To fix we can make the translation more explicit.

Fixes: 720c0b0 ("pkg/k8s: do not DeepCopy when converting to CiliumEndpoint")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: André Martins <andre@cilium.io>