TLS support for database protocols

[sunng87]

Both mysql and postgresql shares same port of plain-text connection and secure one. Unlike http or grpc transports, database protocols have their own tls handshake process. So we might not be able to utilize haproxy or cloud load balancer for tls termination. Tls support has to be implemented in database side. Task including:

• provide option to configure certs/key for mysql/postgresql
• load configured certs/key from file system
• start mysql/postgresql port with tls acceptor
• add session information about whether a connection is secure or not

We can provide options to restrict insecure connection access in future

[SSebo]

@sunng87 Should TLS acceptor be added in following location?

greptimedb/src/servers/src/mysql/server.rs

Line 89 in e823cde

async fn start(&self, listening: SocketAddr) -> Result<SocketAddr> {

greptimedb/src/servers/src/postgres/server.rs

Line 91 in e823cde

async fn start(&self, listening: SocketAddr) -> Result<SocketAddr> {

[sunng87]

Yes, at least we need some configuration to enable TLS.

For postgres, using pgwire, TLS is already supported via this option, which is set to None to disable. There is an example in pgwire to demo its usage.

For MySQL, I haven't got time investigate its library support for TLS, we probably need to work with upstream and upstream of upstream for the support.

When all protocol level supported finished, we need to add last-mile configuration to manage and load cert/key files.

[SSebo]

For MySQL, looks like there is one issue about this.
I will try to port jonhoo/msql-srv#23 implementation to opensrv-mysql.

[SSebo]

I made a PR to opensrv-mysql to support MySQL TLS databendlabs/opensrv#34