glideinWMS / glideinwms

Enable SSL auth for FE to query APs #222

Open rynge opened 2 years ago

rynge commented 2 years ago

The OSPool will be reconfigured to move to use the HTCSS defaults of requiring secure channels (i.e., setting authentication, integrity, and encryption to REQUIRED). One roadblock in this transition is how to query 3rd party APs. We will use SSL for most of these APs. The frontend config (/var/lib/gwms-frontend/vofrontend/frontend.condor_config) currently has:

```
# Force GSI authentication
SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, GSI
SEC_DEFAULT_AUTHENTICATION = REQUIRED
```

We are suggesting changing this to:

```
# Allow IDTOKENS and GSI, except for AP querying where SSL is also allowed
SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, GSI
SEC_CLIENT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), SSL
SEC_DEFAULT_AUTHENTICATION = REQUIRED
```

brianhlin commented 2 years ago

FWIW, I think that SSL auth is automatically added to the list of SEC_CLIENT_AUTHENTICATION_METHODS if the HTCSS defaults are untouched, but it doesn't hurt to make this explicit.
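Added example (not from this issue thread and not glideinWMS or HTCondor code): a Python check that resolves the proposed fragment from the first comment and confirms that SSL ends up only in the client-side method list while daemon-side contexts keep the default list. It assumes plain `$(NAME)` macro expansion and the per-context fallback to `SEC_DEFAULT_AUTHENTICATION_METHODS`; it does not model HTCondor's compiled-in defaults, and the function names are hypothetical.

```python
import re

# Proposed frontend.condor_config fragment, copied from the issue text.
PROPOSED = """\
# Allow IDTOKENS and GSI, except for AP querying where SSL is also allowed
SEC_DEFAULT_AUTHENTICATION_METHODS = IDTOKENS, GSI
SEC_CLIENT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS), SSL
SEC_DEFAULT_AUTHENTICATION = REQUIRED
"""

MACRO = re.compile(r"\$\(([A-Za-z0-9_.]+)\)")


def parse(text):
    """Collect NAME = value lines; names are case-insensitive, last one wins."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        cfg[name.strip().upper()] = value.strip()
    return cfg


def expand(cfg, value, depth=0):
    """Expand $(NAME) references; names the file does not set expand to ''."""
    if depth > 10:
        raise ValueError("macro recursion too deep")
    return MACRO.sub(
        lambda m: expand(cfg, cfg.get(m.group(1).upper(), ""), depth + 1), value)


def methods(cfg, context):
    """Method list for a context (CLIENT, DAEMON, ...), else the DEFAULT list."""
    raw = cfg.get("SEC_%s_AUTHENTICATION_METHODS" % context,
                  cfg.get("SEC_DEFAULT_AUTHENTICATION_METHODS", ""))
    return [m.strip().upper() for m in expand(cfg, raw).split(",") if m.strip()]


def audit(text):
    """Summarise what the fragment itself sets (not compiled-in defaults)."""
    cfg = parse(text)
    return {
        "client": methods(cfg, "CLIENT"),
        "daemon": methods(cfg, "DAEMON"),
        "auth_required": cfg.get("SEC_DEFAULT_AUTHENTICATION", "").upper() == "REQUIRED",
    }


if __name__ == "__main__":
    print(audit(PROPOSED))
```

On a live frontend host, `condor_config_val SEC_CLIENT_AUTHENTICATION_METHODS` reports the value HTCondor actually resolves, including any defaults this sketch leaves out.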