Update Reference Architecture TLS recommendations for go compat
The recommendations for TLS certs in the reference architecture docs give the following:
Hostname, you can either use the Common Name field for this, or add it as a Subject Alternative Name.
However using the Common Name field for hostname without any Subject Alternative Name is not correct and is not supported by go. Deprecation notice https://golang.org/doc/go1.15#commonname
Using such an invalid certificate will result in errors such as:
transport: authentication handshake failed: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
Note that the GODEBUG=x509ignoreCN=0
workaround has been removed in go v1.17 https://golang.org/doc/go1.17#crypto/x509
This will likely affect all go services that use TLS.