Support runtime reload for TLS resources #12277

Merged (4 commits), Jan 22, 2024

Conversation

@zhtaoxiang zhtaoxiang commented Jan 17, 2024

This PR makes tls keystore/truststore swappable. If this is merged, there will be follow-up PRs to add the logic to reload keystore/truststore.

We make use of the ssl-context library to make the keystore/truststore swappable. Specifically, we create an SSLFactory with swappable identity material and trust material. Then we use the KeyManagerFactory, TrustManagerFactory and SSLContext held by the SSLFactory to create the other security contexts. This makes it possible to replace the keystore/truststore without recreating those security contexts, by replacing the KeyManagerFactory and TrustManagerFactory of the SSLFactory.
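
The wiring described above, as an added illustration that is not code from this PR or from Pinot: a hypothetical helper that builds one swappable SSLFactory from keystore/truststore files, hands out its SSLContext once, and later swaps freshly loaded material into it. It assumes the ssl-context library's `SSLFactory` builder (`withSwappableIdentityMaterial`, `withSwappableTrustMaterial`) and `SSLFactoryUtils.reload`; the class name, file paths and passwords are placeholders.

```java
import java.nio.file.Path;
import javax.net.ssl.SSLContext;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.util.SSLFactoryUtils;

// Hypothetical helper (not Pinot code): owns a single swappable SSLFactory.
// Servers and clients get its SSLContext once; the keystore/truststore behind
// it can be replaced later without rebuilding those servers and clients.
public final class SwappableTlsResources {
  private final Path keyStorePath;
  private final char[] keyStorePassword;
  private final Path trustStorePath;
  private final char[] trustStorePassword;
  private final SSLFactory sslFactory;

  public SwappableTlsResources(Path keyStorePath, char[] keyStorePassword,
                               Path trustStorePath, char[] trustStorePassword) {
    this.keyStorePath = keyStorePath;
    this.keyStorePassword = keyStorePassword;
    this.trustStorePath = trustStorePath;
    this.trustStorePassword = trustStorePassword;
    // The swappable flags wrap the key/trust managers in delegating managers
    // whose inner delegate can be replaced; the SSLContext built here keeps
    // referencing the wrappers, so it stays valid across reloads.
    this.sslFactory = SSLFactory.builder()
        .withSwappableIdentityMaterial()
        .withSwappableTrustMaterial()
        .withIdentityMaterial(keyStorePath, keyStorePassword)
        .withTrustMaterial(trustStorePath, trustStorePassword)
        .build();
  }

  /** Hand this to the gRPC/HTTP server or client once; do not rebuild it on reload. */
  public SSLContext sslContext() {
    return sslFactory.getSslContext();
  }

  /**
   * Re-read the files and swap the new key/trust material into the live factory.
   * The replacement factory is fully built before anything is swapped, so a
   * truncated, half-written or wrongly-encrypted store fails here and leaves
   * the running TLS configuration untouched. Only new handshakes see the new
   * material; sessions already established are not affected.
   */
  public void reload() {
    SSLFactory updated = SSLFactory.builder()
        .withIdentityMaterial(keyStorePath, keyStorePassword)
        .withTrustMaterial(trustStorePath, trustStorePassword)
        .build();
    SSLFactoryUtils.reload(sslFactory, updated);
  }
}
```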

@zhtaoxiang zhtaoxiang changed the title from "build swappable tls resource bundle when secrets are files" to "build swappable tls resources when secrets are files" on Jan 17, 2024
codecov-commenter commented Jan 17, 2024

Codecov Report

Attention: 29 lines in your changes are missing coverage. Please review.

Comparison is base (8713dc0) 61.47% compared to head (6e2662f) 61.57%.
Report is 1 commit behind head on master.

| Files | Patch % | Lines |
|---|---|---|
| ...n/java/org/apache/pinot/common/utils/TlsUtils.java | 50.00% | 16 Missing and 6 partials ⚠️ |
| ...pache/pinot/common/utils/grpc/GrpcQueryClient.java | 0.00% | 3 Missing ⚠️ |
| ...che/pinot/core/transport/grpc/GrpcQueryServer.java | 0.00% | 3 Missing ⚠️ |
| ...org/apache/pinot/core/util/ListenerConfigUtil.java | 0.00% | 1 Missing ⚠️ |
Additional details and impacted files
@@             Coverage Diff              @@
##             master   #12277      +/-   ##
============================================
+ Coverage     61.47%   61.57%   +0.10%     
+ Complexity     1153      207     -946     
============================================
  Files          2417     2415       -2     
  Lines        131379   131350      -29     
  Branches      20266    20264       -2     
============================================
+ Hits          80762    80885     +123     
+ Misses        44715    44534     -181     
- Partials       5902     5931      +29     
| Flag | Coverage Δ |
|---|---|
| custom-integration1 | <0.01% <0.00%> (ø) |
| integration | <0.01% <0.00%> (ø) |
| integration1 | <0.01% <0.00%> (ø) |
| integration2 | 0.00% <0.00%> (ø) |
| java-11 | 61.56% <43.13%> (+33.76%) ⬆️ |
| java-21 | 27.81% <0.00%> (-33.66%) ⬇️ |
| skip-bytebuffers-false | 61.56% <43.13%> (+0.12%) ⬆️ |
| skip-bytebuffers-true | 27.80% <0.00%> (-33.64%) ⬇️ |
| temurin | 61.57% <43.13%> (+0.10%) ⬆️ |
| unittests | 61.57% <43.13%> (+0.10%) ⬆️ |
| unittests1 | 46.59% <43.13%> (+0.15%) ⬆️ |
| unittests2 | 27.81% <0.00%> (-0.01%) ⬇️ |

@zhtaoxiang zhtaoxiang changed the title from "build swappable tls resources when secrets are files" to "build swappable tls resources" on Jan 18, 2024
@xiangfu0 xiangfu0 changed the title from "build swappable tls resources" to "Support runtime reload for TLS resources" on Jan 18, 2024
@snleee snleee left a comment

LGTM

@zhtaoxiang We recently did a similar thing in the context of the Kafka client.

It would be great if we can provide this feature as a generic solution and provide the util from the common package.

Let's file the issue and refer to these 2 PRs.

5 participants