What is currently missing?
Currently Kafka cluster SSL connectivity requires Java-specific, file-based, password-protected key stores/trust stores. PEM format is not supported. Related GitHub discussion: #166
How could this be improved?
Kafka clients can be configured to use PEM SSL certificates/keys. AFAIK Aiven console also provides Kafka SSL certificates/keys in PEM format out of the box.
Hence it would be helpful to (optionally) allow cluster SSL client certificate/key and CA certificate chain to be configured in PEM format, which can also be readily injected through Spring config properties (as Strings). This might also help us externalize the cluster SSL config, e.g. when running Klaw in-container, where mounting SSL key files may not be trivial (e.g. in AWS ECS).
In an AWS environment, one option for loading the Kafka SSL properties/secrets at runtime is to use, e.g., Spring Cloud AWS (Secrets Manager or Parameter Store). See here for more details.
Security consideration: compare in-memory passwordless PEM private key (loaded at runtime from a secure vault such as AWS Secrets Manager) vs. filesystem-based, password-protected private key + in-memory password (loaded from a secure vault, or decrypted, at runtime).
Is this a feature you would work on yourself?
I plan to open a pull request for this feature
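To make the two configuration styles the issue contrasts concrete, here is an added example (not Klaw's own configuration, and not code from the issue author): the same Kafka client SSL settings written once with file-based Java key stores and once with PEM material injected as strings. The property names are the Kafka client's standard SSL configuration keys; the `${...}` placeholders are constructed names that Spring would resolve from the environment or from a vault-backed property source such as Spring Cloud AWS. The two files are listed one after the other in a single block; how Klaw maps its own cluster configuration onto these Kafka keys is not described on the page and is left open here.

```properties
# ---- application-jks.properties (today's model) ----
# Key material lives in files that must be mounted into the container;
# only the passwords can be externalized to a secret store.
security.protocol=SSL
ssl.keystore.type=JKS
ssl.keystore.location=/etc/klaw/kafka/client.keystore.jks
ssl.keystore.password=${KAFKA_KEYSTORE_PASSWORD}
ssl.key.password=${KAFKA_KEY_PASSWORD}
ssl.truststore.type=JKS
ssl.truststore.location=/etc/klaw/kafka/client.truststore.jks
ssl.truststore.password=${KAFKA_TRUSTSTORE_PASSWORD}

# ---- application-pem.properties (the requested model) ----
# No files on disk: certificate chain, private key and CA bundle arrive as
# PEM strings, so the whole SSL configuration can come from a secret store.
security.protocol=SSL
ssl.keystore.type=PEM
# Client certificate chain, leaf first, as one PEM string.
ssl.keystore.certificate.chain=${KAFKA_CLIENT_CERT_CHAIN_PEM}
# Client private key in PKCS#8 PEM form.
ssl.keystore.key=${KAFKA_CLIENT_KEY_PEM}
# Middle ground for the security consideration above: the Kafka client accepts
# an encrypted PKCS#8 PEM key when ssl.key.password is set, so the key blob and
# its passphrase can be stored as two separate secrets. Omit this line for an
# unencrypted in-memory key.
ssl.key.password=${KAFKA_CLIENT_KEY_PASSWORD}
ssl.truststore.type=PEM
# One or more CA certificates concatenated as a single PEM string.
ssl.truststore.certificates=${KAFKA_CA_CHAIN_PEM}
```

Resolving the PEM values from placeholders rather than pasting them into the file sidesteps the line-continuation escaping that multi-line values need in a `.properties` file, and keeps the private key out of the configuration artifact itself. The flip side of the in-memory approach is that the resolved key now exists in the process environment and Spring's property sources, so the deployment should make sure resolved properties are never written to logs or exposed through environment-dump endpoints.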
jpalomaki changed the title from "feat: support PEM format for Kafka cluster SSL client certificates/keys" to "feat: support PEM format for Kafka cluster SSL client certificates/key" on Nov 5, 2022