config: Introduce cloud_storage_crl_file and wire into CS-client

Signed-off-by: Oren Leiman <oren.leiman@redpanda.com>

src/v/cloud_storage_clients/configuration.cc

@@ -53,6 +53,12 @@ build_tls_credentials(
             co_await cred_builder.set_system_trust();
         }
     }
+    if (auto crl_file
+        = config::shard_local_cfg().cloud_storage_crl_file.value();
+        crl_file.has_value()) {
+        co_await cred_builder.set_x509_crl_file(
+          *crl_file, ss::tls::x509_crt_format ::PEM);
+    }
     co_return co_await net::build_reloadable_credentials_with_probe<
       ss::tls::certificate_credentials>(
       std::move(cred_builder), "cloud_storage_client", std::move(name));

src/v/config/configuration.cc

@@ -1771,6 +1771,13 @@ configuration::configuration()
       {.visibility = visibility::user},
       std::nullopt,
       &validate_non_empty_string_opt)
+  , cloud_storage_crl_file(
+      *this,
+      "cloud_storage_crl_file",
+      "Path to certificate revocation list for cloud_storage_trust_file.",
+      {.visibility = visibility::user},
+      std::nullopt,
+      &validate_non_empty_string_opt)
   , cloud_storage_initial_backoff_ms(
       *this,
       "cloud_storage_initial_backoff_ms",

src/v/config/configuration.h

@@ -325,6 +325,7 @@ struct configuration final : public config_store {
     property<bool> cloud_storage_disable_tls;
     property<int16_t> cloud_storage_api_endpoint_port;
     property<std::optional<ss::sstring>> cloud_storage_trust_file;
+    property<std::optional<ss::sstring>> cloud_storage_crl_file;
     property<std::chrono::milliseconds> cloud_storage_initial_backoff_ms;
     property<std::chrono::milliseconds> cloud_storage_segment_upload_timeout_ms;
     property<std::chrono::milliseconds>