@iamtakingiteasy iamtakingiteasy commented Nov 15, 2025

  • Breaking change? -- Shouldn't be, configuration changes are append-only, unspecified store type is considered as JKS/PKCS12 (both can be handled under either and technically only a preference hint).

What changes did you make?
Resolves #1437

Adds support for PEM keystore/truststore and mTLS configuration, replacing manual KeyManagerFactory/TrustManagerFactory calls with Spring Boot SslBundle to parametrize the Kafka client and HTTP/Netty clients.

  • TruststoreConfig/KeystoreConfig extended with truststoreType/keystoreType with possible values of JKS, PKCS12 and PEM
  • KeystoreConfig is extended with keystoreCertificate for [pem] client certificate file.
  • Cluster is extended with securityProtocol and kafkaSsl for mTLS client certificate.

Out-of-scope FE change: ApplicationConfigPropertiesKafkaSchemaRegistrySsl -> KeystoreConfig as reusable DTO is introduced, auto-generated one no longer exists.

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually Tested on mTLS cluster with PEM, JKS and PKCS12 keystores
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES) -- no environment variable changes are necessary in documentation compose files
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works -- a rather heavy setup would be required
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged -- no dependencies

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)
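
The replacement described above (manual KeyManagerFactory/TrustManagerFactory setup swapped for an SslBundle), sketched against Spring Boot's `org.springframework.boot.ssl` API (3.1 or later) as an added example; it is not code from this PR. The `Store` record, the class and method names, and the mapping of `location`/`certificate` onto PEM files are assumptions made for illustration.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreDetails;
import org.springframework.boot.ssl.pem.PemSslStoreBundle;
import org.springframework.boot.ssl.pem.PemSslStoreDetails;

public final class ClientSslBundles {

  /** Hypothetical settings holder; component names are assumptions, not the PR's DTOs. */
  public record Store(String type, String location, String password, String certificate) {}

  /** Builds one bundle from independently typed stores, e.g. PEM key material plus JKS trust. */
  public static SslBundle build(Store keystore, Store truststore) {
    KeyStore keys = (keystore == null) ? null : load(keystore, true);
    // A null truststore makes the TrustManagerFactory fall back to the JVM default CAs.
    KeyStore trust = (truststore == null) ? null : load(truststore, false);
    // A PEM private key is decrypted while loading; JKS/PKCS12 entries still need a
    // password (assumed here to equal the store password) when the key managers start.
    String keyPassword = (keystore == null || isPem(keystore)) ? null : keystore.password();
    return SslBundle.of(SslStoreBundle.of(keys, keyPassword, trust));
  }

  private static boolean isPem(Store s) {
    return "PEM".equalsIgnoreCase(s.type());
  }

  private static KeyStore load(Store s, boolean keyMaterial) {
    if (isPem(s)) {
      // Assumption: for a PEM keystore, location is the private key file and certificate
      // is the client certificate chain; for a PEM truststore, location is the CA file.
      PemSslStoreDetails pem = keyMaterial
          ? PemSslStoreDetails.forCertificate(s.certificate())
              .withPrivateKey(s.location()).withPrivateKeyPassword(s.password())
          : PemSslStoreDetails.forCertificate(s.location());
      return keyMaterial ? new PemSslStoreBundle(pem, null).getKeyStore()
                         : new PemSslStoreBundle(null, pem).getTrustStore();
    }
    // An unspecified (null) type falls back to the JVM default keystore type.
    JksSslStoreDetails jks = new JksSslStoreDetails(s.type(), null, s.location(), s.password());
    return keyMaterial ? new JksSslStoreBundle(jks, null).getKeyStore()
                       : new JksSslStoreBundle(null, jks).getTrustStore();
  }

  /** mTLS context: the bundle supplies both the client key and the trusted CAs. */
  public static SSLContext mtlsContext(Store keystore, Store truststore) {
    return build(keystore, truststore).createSslContext();
  }
}
```

The same `SslBundle` also exposes `getManagers().getKeyManagerFactory()` and `getTrustManagerFactory()` for clients that take the factories rather than an `SSLContext`.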

@iamtakingiteasy iamtakingiteasy requested review from a team as code owners November 15, 2025 03:12
@kapybro kapybro bot added status/triage Issues pending maintainers triage status/triage/manual Manual triage in progress status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels Nov 15, 2025
@github-actions github-actions bot left a comment

Hi iamtakingiteasy! 👋

Welcome, and thank you for opening your first PR in the repo!

Please wait for triaging by our maintainers.

Please take a look at our contributing guide.

@iamtakingiteasy iamtakingiteasy force-pushed the be-support-pem-mtls branch 4 times, most recently from ce8c9fa to dc3d50c Compare November 15, 2025 04:10
@Haarolean Haarolean requested a review from germanosin November 23, 2025 13:29
@Haarolean Haarolean added type/enhancement En enhancement/improvement to an already existing feature scope/backend Related to backend changes and removed status/triage/manual Manual triage in progress labels Nov 23, 2025
@iamtakingiteasy
Author

iamtakingiteasy commented Nov 23, 2025

Playwright E2E seems flaky, passed on the same commit on fork repo; requesting re-run from someone with permissions.

@iamtakingiteasy
Author

Wait, no. It was actually run on a different commit than the PR branch.

Uses: kafbat/kafka-ui/.github/workflows/e2e-playwright-run.yml@refs/pull/1503/merge (0440282)

which is a merge into current upstream, when passing commit is dc3d50c -- nonconflicting, but as of now already behind the upstream main branch, rebased.

@Haarolean
Member

@iamtakingiteasy hi, we've merged a lil planned feature, could you rebase please?

@Haarolean
Member

@iamtakingiteasy but please, don't force push, otherwise the whole diff is marked as new for us

@iamtakingiteasy
Author

iamtakingiteasy commented Nov 24, 2025

@Haarolean If you do mean *rebase*, it would rewrite history and require force-pushing to the PR branch while keeping the changeset as a single clean commit. *Merging* with upstream is possible without force-pushing, but will result in an extra merge commit.

@iamtakingiteasy
Author

Seeing merge commits are quite common in PRs of this repo, I assume merging was implied.

@Haarolean Haarolean self-requested a review November 26, 2025 11:32
Labels

scope/backend Related to backend changes status/triage/completed Automatic triage completed type/enhancement En enhancement/improvement to an already existing feature

Development

Successfully merging this pull request may close these issues.

Allow Kafka-UI container to use Kafka certificates directly (.key, .cert, .ca) without manual Java keystore conversion