Improve test proxy/mock fleet server to support further elastic-agent TLS tests

[pchila]

During development of #4770 it was not possible to test a scenario where elastic-agent installs and enrolls to an http mock fleet server using TLS going through an https proxy because:

• Using an http fleet endpoint requires specifying --insecure at install even when we have a correctly configured https proxy (no TLS validation would then happen) (see #4896)
• I tried having the proxy support https requests doing tunneling similar to goproxy, it didn't work but here's the code for reference

The testcase is TLSEnrollProxy-mTLSProxyInThePolicy where we try to test this scenario.

In order to test such scenario we would need at least one of 2 things:

• an https proxy that can terminate TLS and forward plain http requests to the mock fleet server (either extend proxy test or swap out for some other proxy implementation)
• have an https fleet endpoint (either mocked or the real thing in a cloud deployment), ideally where we can set up (m)TLS with custom CAs (this is not possible at the moment on ESS)

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[elasticmachine]

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

[AndersonQ]

I might be worth looking at how Caddyserver does that as well