prometheus / blackbox_exporter

Blackbox prober exporter
https://prometheus.io
Apache License 2.0

Added metric to return TLS Key Size and Information #1250

Open djcode opened 1 month ago

djcode commented 1 month ago

Adding this PR as a request for feedback. I feel this still needs some more testing and tweaking (I have only tested the TCP side of this, but HTTP and gRPC should work in theory).

I wanted more information around the key behind certificates gathered by blackbox exporter. This code adds a new metric.

GET /probe?module=tcps&target=facebook.com:443

probe_ssl_last_chain_key_bits{fingerprint_sha256="04ab30d58500a8615dd86dbe75b8489e2780bdb32047cbd3eabf5ec0a4452766",type="ec"} 256

GET /probe?module=tcps&target=twitter.com:443

probe_ssl_last_chain_key_bits{fingerprint_sha256="b5e60c61ac47a6eff6a54f54dcb46d65d51ff1f7e27356b541fe5a3ff4ce6db1",type="rsa"} 2048

In this output fingerprint_sha256 is a sha256sum of the raw public key from the certificate. This way, you can detect two certificates sharing the same key (or a certificate reissue not also rotating the key).

EconomicTouristsArmLate commented 2 weeks ago

@djcode This would be super helpful to me.

It might be even better to return the shortest key by type in the cert chain, in order to identify weak certs, similar to how probe_ssl_last_chain_expiry_timestamp_seconds considers the whole cert chain (tls.ConnectionState.VerifiedChains docs). I.e. I want to be able to spot an intermediate cert with 256-bit RSA, even when the last chain element is RSA 4096.
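The two ideas in this thread, the per-certificate key type/size/fingerprint metric from the PR description and the "weakest key per type across the whole chain" variant suggested above, as an added, self-contained Go example. This is illustration code written for this page, not the PR's diff or blackbox_exporter's own code: it builds a constructed two-certificate chain in memory (a P-256 EC leaf and an intermediate with a deliberately short 1024-bit RSA key, both self-signed fixtures rather than a real chain) instead of reading tls.ConnectionState.VerifiedChains, and the second metric name, probe_ssl_chain_weakest_key_bits, is a hypothetical name chosen here, not one the project defines. The fingerprint is the SHA-256 of the certificate's RawSubjectPublicKeyInfo, which is what lets two certificates that share a key (or a reissue that did not rotate the key) show up with the same label value.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// keyInfo describes the public key of one certificate in a chain.
type keyInfo struct {
	Type        string // "rsa", "ec", "ed25519" or "unknown"
	Bits        int    // key size in bits (0 when the type is unknown)
	Fingerprint string // hex SHA-256 over the DER SubjectPublicKeyInfo
}

// publicKeyInfo extracts key type, key size and a SHA-256 fingerprint of the
// raw public key (RawSubjectPublicKeyInfo) from a parsed certificate.
func publicKeyInfo(cert *x509.Certificate) keyInfo {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	ki := keyInfo{Type: "unknown", Fingerprint: hex.EncodeToString(sum[:])}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		ki.Type, ki.Bits = "rsa", pub.N.BitLen()
	case *ecdsa.PublicKey:
		ki.Type, ki.Bits = "ec", pub.Curve.Params().BitSize
	case ed25519.PublicKey:
		ki.Type, ki.Bits = "ed25519", len(pub)*8
	}
	return ki
}

// weakestKeyByType returns, per key type, the smallest key size found anywhere
// in the chain, so a short intermediate is not hidden behind a strong leaf.
func weakestKeyByType(chain []*x509.Certificate) map[string]int {
	weakest := map[string]int{}
	for _, c := range chain {
		ki := publicKeyInfo(c)
		if cur, ok := weakest[ki.Type]; !ok || ki.Bits < cur {
			weakest[ki.Type] = ki.Bits
		}
	}
	return weakest
}

// selfSigned builds a minimal self-signed certificate for a key pair. It is a
// constructed fixture; a real probe reads the peer's verified chain instead.
func selfSigned(cn string, priv, pub interface{}) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// sampleChain constructs a leaf with a P-256 EC key followed by an
// "intermediate" with a deliberately short 1024-bit RSA key.
func sampleChain() ([]*x509.Certificate, error) {
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leaf, err := selfSigned("leaf.example", ecKey, &ecKey.PublicKey)
	if err != nil {
		return nil, err
	}
	rsaKey, err := rsa.GenerateKey(rand.Reader, 1024) // short on purpose
	if err != nil {
		return nil, err
	}
	inter, err := selfSigned("intermediate.example", rsaKey, &rsaKey.PublicKey)
	if err != nil {
		return nil, err
	}
	return []*x509.Certificate{leaf, inter}, nil
}

func main() {
	chain, err := sampleChain()
	if err != nil {
		panic(err)
	}
	for _, c := range chain { // one sample per chain element, as in the PR output
		ki := publicKeyInfo(c)
		fmt.Printf("probe_ssl_last_chain_key_bits{fingerprint_sha256=%q,type=%q} %d\n",
			ki.Fingerprint, ki.Type, ki.Bits)
	}
	for typ, bits := range weakestKeyByType(chain) { // hypothetical metric name
		fmt.Printf("probe_ssl_chain_weakest_key_bits{type=%q} %d\n", typ, bits)
	}
}
```

Run with `go run .`; the weakest-per-type map reports rsa=1024 even though the leaf is a 256-bit EC key, which is the case the comment above wants an alert on. In a real exporter the input would be the last element of tls.ConnectionState.VerifiedChains rather than a constructed slice.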