feat: Default TLS encryption on Trillian services

[osmman]

This pull request enables TLS communication on the Trillian service, making it the default for OpenShift deployments. The implementation requires a rework of the process for creating Trillian trees to leverage Kubernetes Jobs.

Key Changes:

• Enabled TLS communication on Trillian services
• Reworked the creation process of Trillian trees to leverage Kubernetes Jobs.
• Updated relevant configurations and code to support the new TLS-enabled setup.

flowchart TD
    rekor -->|grpc| trillian-logserver
    ctlog -->|grpc| trillian-logserver
    createtree -->|grpc| trillian-logserver
    trillian-logsigner

Loading

Resolve tree action

The "resolve tree" action manages the creation of Merkle trees using the Trillian service. It includes setting up required resources, launching, and monitoring the creation process, and updating the custom resource with the new tree information.

Workflow:

1. Check Tree Status: Verify if the tree is already resolved.
2. Prepare Environment: Create/update RBAC resources and set up a ConfigMap for the tree creation job.
3. Launch Job: Submit a Kubernetes Job to execute the Trillian tree creation script with necessary configurations.
4. Monitor Job: Wait for job completion and handle its status.
5. Process Results: Extract and update the TreeID in the custom resource status.

Additional Information:

This pull request is based on the previous work done by @fghanmi in PR #493.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: osmman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [osmman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[osmman]

/test tas-operator-e2e

[bouskaJ]

/lgtm