Use Keycloak devservice for OIDC MTLS authentication

[sberyozkin]

Currently, integration-tests/oidc uses a custom test factory which launches Keycloak, with the main reason being that Keycloak dev service can not support Keycloak MTLS authentication.

But in fact very little has to be changed in the Keycloak dev service code to get started with MTLS, it already supports arbitrary resource mappings and also custom start commands. The only initial thing I had to do was to get the mapped HTTPS port, when HTTPS is required. Right now I did not even introduce another property like httpsRequired, if the start command has anything related to --https, HTTPS must be supported. A bit more work will be needed to make it work for shared containers later.

I also had to add Tls helper to KeycloakTestClient for tests which require (m)TLS be able to pass keystore resource names to it. I used a record first, but it makes it difficult just to do new Tls() and gets its properties defaulted to some values.

Also converted test keystore resource to .p12, was not really necessary, but it is worth moving to p12 even in tests, as Clement would agree.

I decided to go with this PR to simplify testing OIDC MTLS binding PR which is also in progress

[gastaldi]

LGTM

[sberyozkin]

Forgot to mention I also updated KeycloakTestClient to support retrieving refresh tokens only, as one of the integration-tests/oidc tests requires it

[gastaldi]

Looks good, feel free to merge when CI is done

[sberyozkin]

Thanks @gastaldi, applied the suggestion, one last run

[quarkus-bot]

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit b28fbb7.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.