Add TLS support on `http.debug`
Summary
As part of an ongoing effort across GitLab to bring end-to-end encryption to application components in distributed environments, we would like the Prometheus metrics endpoint to be capable of serving TLS. To achieve this, `http.debug.tls` needs to be implemented.
Details
In the current design of the Container Registry, Prometheus metrics are only served over the `http.debug` listener, and only when `http.debug.prometheus.enabled` is set to `true`. There is currently no way to configure this listener to serve TLS requests, as can be done for the primary service via `http.tls`. We request that TLS support be implemented on the `http.debug` listener.
An alternative would be a dedicated Prometheus / metrics listener, which would likewise require TLS functionality.
Proposal
Mirror the settings structure of `http.tls` under `http.debug.tls`, so that the `http.debug` listener can serve TLS on `http.debug.addr` just as the primary listener does on `http.addr`.
- If `http.tls` is provided but `http.debug.tls` is not, the debug listener inherits the `http.tls` settings, enabling TLS with no additional configuration.
- If `http.debug.tls` is provided, it takes precedence over any value within `http.tls`.
The rationale is that the debug listener, and therefore the metrics endpoint, may need to serve traffic on a different FQDN, and hence with a different certificate CN/SAN, than the primary service.
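As an added illustration of the proposed precedence rule, not code from the registry project, the following Go sketch resolves which TLS block the debug listener should use. The struct field names are assumptions, and rejecting a half-filled block (certificate without key) is an added safeguard beyond what the proposal states.

```go
package main

import "fmt"

// TLSSettings mirrors the shape of http.tls; field names are this example's assumption.
type TLSSettings struct {
	Certificate string
	Key         string
}

// HTTPSettings models the http section: the primary listener's TLS block and the
// debug listener's proposed http.debug.tls block. A nil pointer means "not configured".
type HTTPSettings struct {
	TLS   *TLSSettings
	Debug struct{ TLS *TLSSettings }
}

// Source records which block the debug listener's TLS settings were taken from.
type Source string

const (
	FromDebug   Source = "http.debug.tls"
	FromPrimary Source = "http.tls"
	Plaintext   Source = "none"
)

// EffectiveDebugTLS applies the proposal's rules: http.debug.tls takes precedence when
// present; otherwise the debug listener inherits http.tls; otherwise it stays plaintext.
// A half-filled block (certificate without key or vice versa) is rejected rather than
// silently ignored, so a typo cannot quietly downgrade the metrics endpoint to cleartext.
func EffectiveDebugTLS(cfg HTTPSettings) (*TLSSettings, Source, error) {
	validate := func(t *TLSSettings, src Source) (*TLSSettings, Source, error) {
		if (t.Certificate == "") != (t.Key == "") {
			return nil, Plaintext, fmt.Errorf("%s: certificate and key must both be set", src)
		}
		return t, src, nil
	}
	switch {
	case cfg.Debug.TLS != nil:
		return validate(cfg.Debug.TLS, FromDebug)
	case cfg.TLS != nil:
		return validate(cfg.TLS, FromPrimary)
	}
	return nil, Plaintext, nil
}
```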