Add ability to configure Encryption in Transit

We are working towards FedRAMP: https://internal-handbook.gitlab.io/engineering/fedramp-compliance/. As part of this effort, we will need to support encryption in transit for both internal and external connections. The environment to be used is the Hybrid RA, deployed on AWS, as done by Horse.

There are a few areas to think about.

Inbound communication

Generally TLS today, but we also need to ensure encryption all the way back to the final service inside k8s.

Communication between VM / EKS

Gitaly and other resources are outside of the cluster. We will need a way to ensure encryption between VM and EKS-based resources.

Inter-pod communication

Assuming we have inter-pod communication, we need to explore a way to secure it. A good resource from AWS is https://aws.github.io/aws-eks-best-practices/security/docs/network/#encryption-in-transit_1, which details a few ways to do this. These range from using a service mesh to changing out the CNI interface.

Communication between services on the same Pod

We are still confirming, but it seems that anything routing over a network connection (versus, say, a socket) needs to be encrypted. Stay tuned to: https://internal-handbook.gitlab.io/engineering/fedramp-compliance/

Mutual authentication (Unnecessary)

We do NOT need mutual authentication. We confirmed this on the call with our partner.

Edited by silv