feat: Add OCSP support to federated environment

[viv]

Adds Online Certificate Status Protocol (OCSP) support to the federated Openfire setup:

• Add certificate generation script with full PKI hierarchy
• Add certificate import script for Openfire keystores
• Implement OCSP responder service via Docker compose
• Update documentation with OCSP usage instructions

The -o flag can now be used with start.sh to enable OCSP support.

[viv]

I think I've addressed all of the comments. I'm wondering about "promoting" some of this up to be useful in other the scenarios/configurations, but I think that might too much at the moment.

I'd also like a better approach for the truststore, I thought about pulling them on-demand (maybe in start.sh) from the Openfire repo but that would require Internet connectivity (probably fine), I'm not sure about the value of this vs the potential issues it would open up.

[guusdk]

I'd also like a better approach for the truststore, I thought about pulling them on-demand (maybe in start.sh) from the Openfire repo but that would require Internet connectivity (probably fine), I'm not sure about the value of this vs the potential issues it would open up.

This possibly should go in a different PR (to not be a blocker for this one). What problem do you want to fix with another approach?

[viv]

This possibly should go in a different PR (to not be a blocker for this one). What problem do you want to fix with another approach?

The truststore will become out of date, I manually copied the updated stores from Openfire with this PR so it will be good for a while but it feels a bit clunky.

[guusdk]

The truststore will become out of date, I manually copied the updated stores from Openfire with this PR so it will be good for a while but it feels a bit clunky.

Agree, but plugins etc also outdate all the time. Lets keep it as-is for now. If we find a good way to improve on this, let's do that in a new PR.