Usage of Istio in MDS-core

[mrsimpson]

In MDS-Core, Istio seems to play an essential role.
As I've [learned already] (#891 (comment)), it is used for validation of JWT tokens but not for issuing them. For that, an external OAuth2-provider is needed.
I'd like to use this discussion to understand which responsibilities are taken by which component.
I am an absolute Istio-noob, I only read the front page of it. There, it says

Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes. Its powerful control plane brings vital features, including:

• Secure service-to-service communication in a cluster with TLS encryption, strong identity-based authentication and authorization
• Automatic load balancing for HTTP, gRPC, WebSocket, and TCP traffic
• Fine-grained control of traffic behavior with rich routing rules, retries, failovers, and fault injection
• A pluggable policy layer and configuration API supporting access controls, rate limits and quotas
• Automatic metrics, logs, and traces for all traffic within a cluster, including cluster ingress and egress

My main questions:

• Which of those features above are being utilized in MDS core ?
• How is Istio being configured? I have seen some pod annotations, but I doubt that's all.
• Does one need to deploy Istio when developing locally?

It'd be great if you could shed some light here!

Thanks,
Oliver