Add TLS configuration settings/endpoints for auxiliary transports

[finnegancarroll]

Description

Add settings for configuring keystore/truststore resources for optional auxiliary client/server transports in OpenSearch core which are supplied and registered by plugins. For more information regarding auxiliary transports see opensearch-project/OpenSearch#16534.

Initially aux transports will only support client-certificate authentication:
https://opensearch.org/docs/latest/security/authentication-backends/client-auth/

Similarly no authorization functionality is included in this PR and is planned for follow up work.

Introduces the following settings for configuring TLS for auxiliary transports:

Enable

plugins.security.ssl.http.enabled
plugins.security.ssl.aux.clientauth_mode
plugins.security.ssl.aux.enabled_ciphers
plugins.security.ssl.aux.enabled_protocols

// will respect the following global settings
plugins.security.disabled
plugins.security.ssl_only

Keystore settings

// for keystores
plugins.security.ssl.aux.keystore_type
plugins.security.ssl.aux.keystore_alias
plugins.security.ssl.aux.keystore_filepath
plugins.security.ssl.aux.keystore_password
// for pemkeys
plugins.security.ssl.aux.pemkey_filepath
plugins.security.ssl.aux.pemkey_password

Truststore settings

// for truststore
plugins.security.ssl.aux.truststore_type
plugins.security.ssl.aux.truststore_alias
plugins.security.ssl.aux.truststore_filepath
plugins.security.ssl.aux.truststore_password
// for pemcerts
plugins.security.ssl.aux.pemcert_filepath
plugins.security.ssl.aux.pemtrustedcas_filepath

Issues Resolved

#5104

Do these changes introduce new permission(s) to be displayed in the static dropdown on the front-end? If so, please open a draft PR in the security dashboards plugin and link the draft PR here

Testing

Added tests for SettingsManager and ContextManager for new transport type.
CI will fail due to missing definitions in core since the corresponding PR adding SecureAuxTransportSettingsProvider is still in review.

Check List

• New functionality includes testing
• New functionality has been documented
• New Roles/Permissions have a corresponding security dashboards plugin PR
• API changes companion pull request created
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Attention: Patch coverage is 70.51282% with 23 lines in your changes missing coverage. Please review.

Project coverage is 71.68%. Comparing base (305df57) to head (04ba906).
Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...rg/opensearch/security/ssl/SslSettingsManager.java	79.62%	4 Missing and 7 partials ⚠️
.../opensearch/security/ssl/config/SslParameters.java	21.42%	11 Missing ⚠️
...ensearch/security/ssl/util/SSLConfigConstants.java	83.33%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5152      +/-   ##
==========================================
+ Coverage   71.64%   71.68%   +0.04%     
==========================================
  Files         335      335              
  Lines       22748    22803      +55     
  Branches     3599     3607       +8     
==========================================
+ Hits        16297    16346      +49     
- Misses       4651     4655       +4     
- Partials     1800     1802       +2     

Files with missing lines	Coverage Δ
...arch/security/ssl/OpenSearchSecuritySSLPlugin.java	87.24% <100.00%> (ø)
...a/org/opensearch/security/ssl/config/CertType.java	100.00% <100.00%> (ø)
...opensearch/security/ssl/util/SSLRequestHelper.java	66.98% <100.00%> (ø)
...ensearch/security/ssl/util/SSLConfigConstants.java	80.76% <83.33%> (+1.60%)	⬆️
...rg/opensearch/security/ssl/SslSettingsManager.java	74.66% <79.62%> (+1.58%)	⬆️
.../opensearch/security/ssl/config/SslParameters.java	53.84% <21.42%> (-3.10%)	⬇️

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[finnegancarroll]

Marking this as draft while I revise.
Several key points identified in companion PR tracked in aux transport meta issue.

We will need a more flexible framework for configuring aux transports in security plugin to support:

• Multiple enabled aux transports at a time
• Distinct security configurations for each enabled aux transport