The following configuration options are valid, but would not be documented, or recommended:
envoy proxy, hcl config, with heredoc for opaque config - we recommend using inline config instead of heredoc for envoy, because the envoy proxy config is only partially opaque. When we finally decode it we can apply the necessary rules to handle the ambiguous HCL decoding. There is no reason to mix hcl+json.
third-party proxy, hcl config, with inline opaque config - we recommend using a heredoc or full JSON config for third-party proxies because decoding a raw HCL structure with structs is not intuitive to most users. If the proxy implementor understands the challenges they are welcome to use this config. We should clearly document the challenges with this approach, so that any third-party proxy implementors understand the trade off. If they are using Go and mapstructure they could re-use our same decode hook and it would be easy enough for them to accept a full inline hcl config as well.
any proxy, json config, with string for opaque config - since we support a string heredoc for HCL, we would also support specifying a string for that field from a JSON config. However there is really no reason to every talk about that option because if the config is JSON, then inline JSON is a lot more natural, and JSON does not have a heredoc, which makes it harder to specify.