
Support mutual TLS when calling the GitLab API

Naman Jagdish Gala requested to merge ngala/mutual-tls into master

What does this MR do?

Support mutual TLS when calling the GitLab API

Added two new flags, client-cert-key-pairs and ca-certs.

Related Issue: #548

Please refer to the previous discussion and review comments in !663 (closed) for more details.

Changelog: added

Steps to generate a self-signed certificate:

  1. Log in to your GitLab Pages instance and change to the /etc/gitlab/ssl directory.
     cd /etc/gitlab/ssl
  2. Create a test.txt file with the following content. The subjectAltName can include DNS names, IP addresses, or both, depending on the setup; update the DNS and IP values as needed:
     subjectAltName = DNS:localhost,IP:127.0.0.1

     # Generating the certificate authority (self-signed, valid for 365 days)
     openssl genrsa -out ca.key 2048
     openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=GitLab, Inc./CN=GitLab Root CA" -out ca.crt

     # Generating the client key and CSR, then signing the CSR with the CA.
     # -subj skips the interactive prompts; the CN shown is only an example value.
     # The subjectAltName extension is taken from test.txt; -CAcreateserial writes ca.srl on first use.
     # The client certificate's lifetime must not exceed the CA's 365 days, or the chain stops verifying once the CA expires.
     openssl genrsa -out client.key 2048
     openssl req -new -key client.key -subj "/CN=gitlab-pages" -out client.csr
     openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -extfile test.txt

     # Verifying that the signed certificate chains to the CA
     openssl verify -CAfile ca.crt client.crt
  3. To provide the full certificate chain, append the content of ca.crt to client.crt.
  4. On both the GitLab and GitLab Pages instances, copy client.crt into /etc/gitlab/trusted-certs.

TODO

/cc @vshushlin

Edited by Naman Jagdish Gala
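The setup the new flags describe, shown end to end as an added example that is not code from this MR or from GitLab Pages (Go, since GitLab Pages is a Go program): a CA, a server certificate and a client certificate are generated in-process in place of the openssl steps above, a test HTTPS server that requires client certificates stands in for the GitLab API, and the call is made three times: with a valid client certificate, with no certificate, and with a certificate issued by a CA the server does not trust. The certificate names, the API path and the way the flags are mapped onto tls.Config are assumptions for illustration.

```go
// Added example, not GitLab Pages' own code: a private CA, server and client
// certificates, and a mutual-TLS endpoint standing in for the GitLab API.
// Certificate names and the API path are assumptions for illustration.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// template builds a leaf whose SANs mirror the subjectAltName line of test.txt, or a CA when isCA is set.
func template(cn string, isCA bool, usage x509.ExtKeyUsage) *x509.Certificate {
	t := &x509.Certificate{
		Subject:               pkix.Name{CommonName: cn},
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // what -CAcreateserial does for openssl
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour), // a leaf must not outlive its CA
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{usage},
		DNSNames:              []string{"localhost"},
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")},
	}
	if isCA { // a CA only signs certificates and carries no names or end-entity usage
		t.KeyUsage, t.ExtKeyUsage, t.DNSNames, t.IPAddresses = x509.KeyUsageCertSign, nil, nil, nil
	}
	return t
}

// issue signs tmpl with parent, or self-signs it when parent is nil (openssl req -x509 / openssl x509 -req above).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (tls.Certificate, *x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, key
}

// startAPI stands in for the GitLab API: every client must present a certificate chaining to clientCAs.
func startAPI(server tls.Certificate, clientCAs *x509.CertPool) *httptest.Server {
	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName) // verified client identity
	}))
	ts.TLS = &tls.Config{Certificates: []tls.Certificate{server}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs, MinVersion: tls.VersionTLS12}
	ts.StartTLS()
	return ts
}

// callAPI is the assumed Pages side: trust roots (ca-certs) for the server, present client (client-cert-key-pairs) when non-nil.
func callAPI(url string, roots *x509.CertPool, client *tls.Certificate) error {
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
	if client != nil {
		cfg.Certificates = []tls.Certificate{*client}
	}
	hc := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
	resp, err := hc.Get(url + "/api/v4/internal/pages/status") // path is an assumption
	if err != nil {
		return err // handshake rejected: no certificate, or one the server's CA pool does not trust
	}
	resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected status %d", resp.StatusCode)
	}
	return nil
}

// runDemo calls the API with a valid client certificate, with none, and with a
// certificate issued by a CA the server does not trust; only the first succeeds.
func runDemo() (withCert, noCert, foreignCA error) {
	_, ca, caKey := issue(template("GitLab Root CA", true, 0), nil, nil)
	server, _, _ := issue(template("gitlab", false, x509.ExtKeyUsageServerAuth), ca, caKey)
	client, _, _ := issue(template("gitlab-pages", false, x509.ExtKeyUsageClientAuth), ca, caKey)
	_, other, otherKey := issue(template("Untrusted CA", true, 0), nil, nil)
	rogue, _, _ := issue(template("gitlab-pages", false, x509.ExtKeyUsageClientAuth), other, otherKey)
	roots := x509.NewCertPool() // the single trusted root, what ca-certs would point at
	roots.AddCert(ca)
	ts := startAPI(server, roots)
	defer ts.Close()
	return callAPI(ts.URL, roots, &client), callAPI(ts.URL, roots, nil), callAPI(ts.URL, roots, &rogue)
}

func main() {
	fmt.Println(runDemo())
}
```

Run it with `go run`; it prints `<nil>` for the valid client and a TLS alert for the other two. Because each verifier here is handed the root CA directly, the chain concatenation of step 3 is not needed in-process; it matters when a file has to carry the leaf and its issuer together. The two negative calls are the checks worth repeating against a real deployment once the flags are set: a request without a client certificate, and one with a certificate from any CA other than the one in the trusted set, must both be refused.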
