Describe the bug
This bug report is similar to #11818.
EnvoyFilters currently can only be scoped to Services.
What makes it even worse for EnvoyFilters is that EnvoyFilters are not scoped to a namespace, so that I don't even have the workaround that I have for Sidecars to put an application that has no service into its own namespace and apply an EnvoyFilter to the whole namespace.

Expected behavior
The EnvoyFilter.workloadSelector should select Pods, not Services.

Steps to reproduce the bug
Create a test application with this Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: testcurl
  namespace: test
spec:
  selector:
    matchLabels:
      app: testcurl
  replicas: 1
  template:
    metadata:
      labels:
        app: testcurl
    spec:
      containers:
      - name: testcurl
        image: tutum/curl
        command:
          - sleep
          - "100000"

Then create an EnvoyFilter with this manifest:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: test-lua
spec:
  workloadLabels:
    app: testcurl
  filters:
    - listenerMatch:
        listenerType: SIDECAR_OUTBOUND
        listenerProtocol: HTTP
      filterName: envoy.lua
      filterType: HTTP
      filterConfig:
        inlineCode: |
          function envoy_on_request(request_handle)
            request_handle:logWarn("Hello World")
          end

When I now send a request to another service in the cluster from this deployment, I would expect to see the message "Hello World" in the sidecar of testcurl.
But only when I remove the workloadSelector this happens.

Version
Istio 1.1.1

Installation

helm install ~/istio/istio-1.1.1/install/kubernetes/helm/istio --name istio --namespace istio-system -f ~/istio/istio-1.1.1/install/kubernetes/helm/istio/values.yaml  --set global.mtls.enabled=true --set global.tracing.enabled=true --set pilot.traceSampling=100.0 --set tracing.enabled=true --set grafana.enabled=true --set global.useMCP=true --set pilot.resources=

Environment
Kubernetes 1.13.0 on local Docker for Mac