
iamtakingiteasy commented Nov 15, 2025

  • Breaking change? -- Shouldn't be, configuration changes are append-only, unspecified store type is considered as JKS/PKCS12 (both can be handled under either and technically only a preference hint).

What changes did you make?
Resolves #1437

Adds support for PEM keystore/truststore and mTLS configuration, replacing manual KeyManagerFactory/TrustManagerFactory calls with Spring Boot SslBundle to parametrize the Kafka client and HTTP/Netty clients.

  • TruststoreConfig/KeystoreConfig extended with truststoreType/keystoreType with possible values of JKS, PKCS12 and PEM
  • KeystoreConfig is extended with keystoreCertificate for [pem] client certificate file.
  • Cluster is extended with securityProtocol and kafkaSsl for mTLS client certificate.

Out-of-scope FE change: ApplicationConfigPropertiesKafkaSchemaRegistrySsl -> KeystoreConfig is introduced as a reusable DTO; the auto-generated one no longer exists.

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually Tested on mTLS cluster with PEM, JKS and PKCS12 keystores
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES) -- no environment variable changes are necessary in documentation compose files
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works -- a rather heavy setup would be required
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged -- no dependencies


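The PR description above replaces hand-written KeyManagerFactory/TrustManagerFactory setup with Spring Boot's SslBundle and lets each store be JKS, PKCS12 or PEM. The following is an added illustration of that idea, not code from the kafbat/kafka-ui PR: it picks Spring Boot's PEM or JKS store bundle from the configured store type, lets keystore and truststore use different types, exposes what Kafka and HTTP clients consume, and adds the check an mTLS deployment wants (a keystore with certificates but no private key silently degrades to server-auth-only TLS). The StoreType values JKS/PKCS12/PEM come from the PR; ClientSslFactory, StoreConfig and their fields are assumptions.

```java
// Added example (not the kafbat/kafka-ui PR's code). Builds a Spring Boot SslBundle
// from a keystore/truststore whose type is JKS, PKCS12 or PEM. StoreType values are
// the PR's; class, record and field names here are assumptions.
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreDetails;
import org.springframework.boot.ssl.pem.PemSslStoreBundle;
import org.springframework.boot.ssl.pem.PemSslStoreDetails;

public final class ClientSslFactory {

  /** Store types named in the PR; a null type means "not specified". */
  public enum StoreType { JKS, PKCS12, PEM }

  /**
   * Hypothetical store description. For JKS/PKCS12, location is the store file and
   * password unlocks it. For PEM, location is the certificate (chain) and privateKey
   * the key, each either a file:/classpath: location or the PEM text itself
   * (password is only used for JKS/PKCS12 in this example).
   */
  public record StoreConfig(StoreType type, String location, String password, String privateKey) {}

  private ClientSslFactory() {}

  /** Builds a bundle from an optional keystore (client identity) and truststore (peer CAs). */
  public static SslBundle bundle(StoreConfig keystore, StoreConfig truststore) {
    KeyStore ks = load(keystore, true);
    KeyStore ts = load(truststore, false);
    String ksPassword = (keystore != null) ? keystore.password() : null;
    return SslBundle.of(new Stores(ks, ksPassword, ts));
  }

  /** Loads one side of the bundle; returns null when that side is not configured. */
  static KeyStore load(StoreConfig cfg, boolean asKeyStore) {
    if (cfg == null) {
      return null;
    }
    if (cfg.type() == StoreType.PEM) {
      PemSslStoreDetails details = PemSslStoreDetails.forCertificate(cfg.location());
      if (asKeyStore) {
        details = details.withPrivateKey(cfg.privateKey());
      }
      PemSslStoreBundle pem = asKeyStore
          ? new PemSslStoreBundle(details, null)
          : new PemSslStoreBundle(null, details);
      return asKeyStore ? pem.getKeyStore() : pem.getTrustStore();
    }
    // An unspecified type falls back to JKS. The JDK's JKS implementation also opens
    // PKCS12 files (keystore.type.compat=true by default), which is why the PR can
    // treat the type as a preference hint rather than a hard requirement.
    String type = (cfg.type() != null) ? cfg.type().name() : "JKS";
    JksSslStoreDetails details = new JksSslStoreDetails(type, null, cfg.location(), cfg.password());
    JksSslStoreBundle jks = asKeyStore
        ? new JksSslStoreBundle(details, null)
        : new JksSslStoreBundle(null, details);
    return asKeyStore ? jks.getKeyStore() : jks.getTrustStore();
  }

  /** Combines independently loaded stores so keystore and truststore may differ in type. */
  private record Stores(KeyStore keyStore, String keyStorePassword, KeyStore trustStore)
      implements SslStoreBundle {
    @Override public KeyStore getKeyStore() { return keyStore; }
    @Override public String getKeyStorePassword() { return keyStorePassword; }
    @Override public KeyStore getTrustStore() { return trustStore; }
  }

  /**
   * mTLS sanity check: a keystore holding only certificates (no private key entry)
   * makes the client silently present no identity, and a broker that requires
   * client auth then rejects the handshake. Fail at startup instead.
   */
  public static void requireClientIdentity(SslBundle bundle) throws KeyStoreException {
    KeyStore ks = bundle.getStores().getKeyStore();
    if (ks == null) {
      throw new IllegalStateException("mTLS requested but no keystore configured");
    }
    for (String alias : Collections.list(ks.aliases())) {
      if (ks.isKeyEntry(alias)) {
        return;
      }
    }
    throw new IllegalStateException("mTLS requested but keystore has no private key entry");
  }

  /** What the Kafka and HTTP/Netty clients consume from the bundle. */
  public static SSLContext context(SslBundle bundle) {
    return bundle.createSslContext();
  }

  public static KeyManagerFactory keyManagers(SslBundle bundle) {
    return bundle.getManagers().getKeyManagerFactory();
  }

  public static TrustManagerFactory trustManagers(SslBundle bundle) {
    return bundle.getManagers().getTrustManagerFactory();
  }
}
```

Splitting the load per side is what allows a PEM client certificate together with a PKCS12 truststore; Spring Boot's own PemSslStoreBundle and JksSslStoreBundle each cover one type for both sides. Call requireClientIdentity only when the cluster is configured for mTLS, since a plain TLS cluster legitimately has no keystore.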
@iamtakingiteasy iamtakingiteasy requested review from a team as code owners November 15, 2025 03:12
kapybro bot added labels status/triage (Issues pending maintainers triage), status/triage/manual (Manual triage in progress) and status/triage/completed (Automatic triage completed), and removed status/triage, Nov 15, 2025
github-actions bot left a comment
Hi iamtakingiteasy! 👋

Welcome, and thank you for opening your first PR in the repo!

Please wait for triaging by our maintainers.

Please take a look at our contributing guide.

@iamtakingiteasy iamtakingiteasy force-pushed the be-support-pem-mtls branch 4 times, most recently from ce8c9fa to dc3d50c Compare November 15, 2025 04:10
Haarolean (Member) commented on this snippet of the openapi spec:

    type: string
    password:
      type: string
    keystoreType:

@iamtakingiteasy openapi spec here is outdated/a backup, typespec (*.tsp) files need to be updated too

iamtakingiteasy (Author) replied Nov 23, 2025
@Haarolean It is updated accordingly as well, see model KeystoreConfig / enum StoreType / enum SecurityProtocol and corresponding references. I don't see anything missing; kafkaConnect.keystoreType is updated to StoreType among other things.

@Haarolean Haarolean requested a review from germanosin November 23, 2025 13:29
Haarolean added labels type/enhancement (An enhancement/improvement to an already existing feature) and scope/backend (Related to backend changes), and removed status/triage/manual (Manual triage in progress), Nov 23, 2025
iamtakingiteasy commented Nov 23, 2025

Playwright E2E seems flaky; it passed on the same commit on the fork repo. Requesting a re-run from someone with permissions.

iamtakingiteasy commented

Wait, no. It was actually run on a different commit than the PR branch.

Uses: kafbat/kafka-ui/.github/workflows/e2e-playwright-run.yml@refs/pull/1503/merge (0440282)

which is a merge into current upstream, while the passing commit is dc3d50c -- non-conflicting, but as of now already behind the upstream main branch; rebased.


Linked issue (may be closed by merging this pull request): Allow Kafka-UI container to use Kafka certificates directly (.key, .cert, .ca) without manual Java keystore conversion