Closed caffeinated92 closed 1 month ago
We should probably have a different solution for managing the ssl tag in config
= MariaDB 11.3: do nothing, the server protocol is self-secure
Using opensvc and K8S, we should use secrets to store SSL certificates and generate service config that exposes them via shm to files; this enables refreshing the certificates inside the container without restarting the service, just by replacing the secret and then using flush ssl or flush privileges
Add doc "Secure cluster in transit" explaining all this and maybe the janitor proxies
A new task for DBJobs: Get server certificates
For replication-manager to work using SSL we have client certificate config variables.
--db-servers-tls-client-cert string Database TLS client certificate
--db-servers-tls-client-key string Database TLS client key
Ensure that we use those inside the configurator instead of nothing and preserve the one generated. If those client certificates are given to us via config, it means there exist some server certificates that we could fetch as well for the configurator to integrate and adapt to the current database setting
Document in what context those parameters are used, and check if they get integrated in the configurator; they seem very redundant and could surely be simplified
--db-servers-tls-ca-cert string Database TLS authority certificate
--db-servers-tls-client-cert string Database TLS client certificate
--db-servers-tls-client-key string Database TLS client key
--db-servers-tls-server-cert string Database TLS server certificate to push in config
--db-servers-tls-server-key string Database TLS server key to push in config
--db-servers-tls-use-generated-cert Use the auto generated certificates to connect to database backend
--prov-tls-server-ca string server TLS ca
--prov-tls-server-cert string server TLS cert
--prov-tls-server-key string server TLS key
Using MySQL: it looks like it is possible to set the certificates directly in variables
https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_auto_generate_certs
SSL compatibility for MariaDB 11.3+ client. Related to #842 and #823
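
The Kubernetes side of the secret-based refresh described in the issue, as an added illustration that is not part of the issue or of replication-manager's generated config. Every name here (`db1-tls`, `db1-tls-cnf`, `db1-root`, `db1`, the mount paths, the image tag and the gid) is an assumption, and the certificate values are placeholders.

```yaml
# Added example: server certificates delivered as a Secret and read by MariaDB from files.
apiVersion: v1
kind: Secret
metadata:
  name: db1-tls                              # hypothetical name
type: kubernetes.io/tls
data:
  tls.crt: <base64 server certificate>       # placeholder
  tls.key: <base64 server key>               # placeholder
  ca.crt: <base64 CA certificate>            # placeholder
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: db1-tls-cnf                          # hypothetical name
data:
  tls.cnf: |
    [mariadb]
    ssl_cert = /etc/mysql/tls/tls.crt
    ssl_key  = /etc/mysql/tls/tls.key
    ssl_ca   = /etc/mysql/tls/ca.crt
---
apiVersion: v1
kind: Pod
metadata:
  name: db1
spec:
  securityContext:
    fsGroup: 999                             # assumed gid of the mysql user in the image
  containers:
    - name: mariadb
      image: mariadb:11.4                    # assumed image tag
      env:
        - name: MARIADB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef: {name: db1-root, key: password}   # hypothetical Secret
      volumeMounts:
        # Mount the whole Secret directory: a subPath mount is never
        # refreshed by the kubelet when the Secret is replaced.
        - {name: tls, mountPath: /etc/mysql/tls, readOnly: true}
        - {name: tls-cnf, mountPath: /etc/mysql/conf.d}
  volumes:
    - name: tls
      secret: {secretName: db1-tls, defaultMode: 0440}      # key readable by group only
    - name: tls-cnf
      configMap: {name: db1-tls-cnf}
# Rotation: replace Secret db1-tls, wait for the kubelet to sync the mounted
# files, then run FLUSH SSL on the server (needs the RELOAD privilege).
```

Secret volumes are backed by tmpfs, so the private key never touches the node's disk, and connections opened before `FLUSH SSL` keep the old certificate until they reconnect.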