Istio v1.8.1: How to enable validatingwebhook's failurePolicy to fail?

There is a better solution than modifying the ValidatingWebhookConfiguration object.
IstioOperators allows modifying anything in the generated manifest through overlays.

This snippet would solve your problem until a fix is released.

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: default
  revision: 1-8-1
  tag: 1.8.1-distroless
  components:
## Here is the solution
    base:
      k8s:
        overlays:
          - kind: ValidatingWebhookConfiguration 
            name: istiod-istio-system
            patches:
              - path: webhooks.[name:validation\.istio\.io].clientConfig.service.name # << json path to reach the target value to fix
                value: istiod-1-8-1
###### :) 
    egressGateways:
      - name: istio-egressgateway
        enabled: true
  meshConfig:
    accessLogFile: /dev/stdout
    accessLogEncoding: JSON
    defaultConfig:
      holdApplicationUntilProxyStarts: true
    # defaultServiceExportTo: .
    enableAutoMtls: true
    enableTracing: false
    outboundTrafficPolicy:
      mode: REGISTRY_ONLY
  values:
    # tracing:
    #   enabled: false
    pilot:
      traceSampling: 0.0