apache / pinot

Apache Pinot - A realtime distributed OLAP datastore
https://pinot.apache.org/
Apache License 2.0

Configure QueryServer and GrpcMailboxServer for TLS #11777

Open mgranderath opened 11 months ago

mgranderath commented 11 months ago

We have a requirement that all communication needs to be secured using mutual TLS, also Pinot internal communication. From our investigation we found that both gRPC servers for the multi-stage query engine (QueryServer and GrpcMailboxServer) do not follow the existing server TLS configuration and use plain-text communication.

Context

Currently, the Pinot multi-stage engine doesn't respect the cluster TLS configuration (see https://github.com/apache/pinot/pull/8720, in which only the user-facing connections are TLS-configured).

we should enable TLS configuration for communication channels across

The solution should be fairly similar to the single-stage engine, which already supports channel TLS (#8207)

Additional Context

see Slack thread

anandheritage commented 11 months ago

@xiangfu0 Let me know if this should be fine as a beginner task. I can start with this.

mgranderath commented 2 months ago

Is there anything that I can do here to help get this across the line? We are still blocked from using the MSE due to this currently.

anandheritage commented 2 months ago

@mgranderath Wasn't aware that it is blocking some major things. Will connect with you. I had raised the PR, but because of the changes in the file I need to rework this.

mgranderath commented 2 months ago

@anandheritage I'm in the Slack workspace, so you can message me there.

anandheritage commented 1 month ago

@mgranderath Have started the work again: https://github.com/apache/pinot/pull/13645 Most likely will finish off by the weekend.

If you have the access, kindly initiate the workflow for CI.