@Icelandjack Icelandjack commented Feb 9, 2026

Description

Implement TLS (SSL) functionality for EKG and Prometheus services.

SSL enforcement is configurable on a per-endpoint basis; users can now secure metrics exposure over HTTPS. An endpoint is either accessed through HTTP or HTTPS.

When epForceSSL (optional field) is enabled for an endpoint and valid certificates are provided, the servers (EKG and Prometheus) switch to using warp-tls for secure connections. This incorporates error handling and tracing for missing or invalid certificates. Not available for RTView.

{ "hasEKG":
  { "epHost": "127.0.0.1"
  , "epPort": 3100
  , "epForceSSL": true
  }
, "hasPrometheus":
  { "epHost": "127.0.0.1"
  , "epPort": 3000
  , "epForceSSL": true
  }
, ..
}

Supports a new certificate configuration (certificate, certificate key and optional certificate chain list), by specifying the optional tlsCertificate field. There is only one certificate that applies to all services.

{ "tlsCertificate":
  { "certificateFile": "/path/to/certificate.pem"
  , "certificateKeyFile": "/path/to/key.pem"
  , "certificateChain": ["/path/to/intermediate1.pem", "/path/to/intermediate2.pem"]
  }
, ..
}

Checklist

  • Commit sequence broadly makes sense and commits have useful messages
  • New tests are added if needed and existing tests are updated. These may include:
    • golden tests
    • property tests
    • roundtrip tests
    • integration tests
      See Running tests for more details
  • Any changes are noted in the CHANGELOG.md for affected package
  • The version bounds in .cabal files are updated
  • CI passes. See note on CI. The following CI checks are required:
    • Code is linted with hlint. See .github/workflows/check-hlint.yml to get the hlint version
    • Code is formatted with stylish-haskell. See .github/workflows/stylish-haskell.yml to get the stylish-haskell version
    • Code builds on Linux, MacOS and Windows for ghc-9.6 and ghc-9.12
  • Self-reviewed the diff

@Icelandjack Icelandjack requested review from a team as code owners February 9, 2026 13:05
@Icelandjack Icelandjack marked this pull request as draft February 9, 2026 13:39
@Icelandjack Icelandjack force-pushed the baldurb/tls branch 5 times, most recently from 663bf0e to 1016236 Compare February 9, 2026 14:31
Signed-off-by: Baldur Blöndal <baldur.blondal@iohk.io>
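
A pre-deployment check over a config in the shape described in the pull request, as an added example that is not part of the pull request or the project's own code. It assumes an absent epForceSSL means plain HTTP; the function name, the loopback list and the sample config (with placeholder paths) are constructed for illustration.

```python
import json
import os

# Constructed sample using the field names from the PR description; paths are placeholders.
SAMPLE = """
{ "hasEKG":        { "epHost": "127.0.0.1", "epPort": 3100, "epForceSSL": true }
, "hasPrometheus": { "epHost": "0.0.0.0",   "epPort": 3000 }
, "tlsCertificate":
  { "certificateFile": "/path/to/certificate.pem"
  , "certificateKeyFile": "/path/to/key.pem"
  , "certificateChain": ["/path/to/intermediate1.pem"]
  }
}
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def lint_metrics_tls(cfg, exists=os.path.isfile, mode_of=lambda p: os.stat(p).st_mode):
    """Return (severity, message) findings for the EKG/Prometheus TLS settings."""
    findings = []
    tls = cfg.get("tlsCertificate")
    forced = []
    for name in ("hasEKG", "hasPrometheus"):
        ep = cfg.get(name)
        if ep is None:
            continue
        if ep.get("epForceSSL", False):  # assumption: absent field means plain HTTP
            forced.append(name)
        elif ep.get("epHost") not in LOOPBACK:
            findings.append(("warn", f"{name}: plain HTTP on non-loopback host {ep.get('epHost')}"))
    if forced and tls is None:
        findings.append(("error", f"{', '.join(forced)}: epForceSSL set but no tlsCertificate"))
    if tls is not None:
        cert, key = tls.get("certificateFile"), tls.get("certificateKeyFile")
        for field, path in (("certificateFile", cert), ("certificateKeyFile", key)):
            if not path:
                findings.append(("error", f"tlsCertificate.{field} is not set"))
        # One certificate serves every endpoint, so each listed file is checked once.
        for path in [cert, key, *tls.get("certificateChain", [])]:
            if path and not exists(path):
                findings.append(("error", f"file not found: {path}"))
        if key and exists(key) and mode_of(key) & 0o077:
            findings.append(("warn", f"private key {key} is accessible to group/other"))
    return findings

if __name__ == "__main__":
    for severity, message in lint_metrics_tls(json.loads(SAMPLE)):
        print(f"{severity}: {message}")
```

The `exists` and `mode_of` parameters let the check run against a staged file tree or in tests without touching the real key material.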