HPCC-30746 Add support for bare-metal DFS TLS

[jakesmith]

1. Fix some issues that prevented the DFS service from being useable in bare-metal.
2. Allow dafilesrv in standard (non-SSL) configuration, to also listen for SSL connections.
   So that existing bare-metal connections continue to use existing port, and DFS calls can use the TLS route.
3. Modify the dafilesrv secret hook mapping, so that it allows no secret, which means, still establish a secure connection (TLS), but without certificates.

Type of change:

• This change is a bug fix (non-breaking change which fixes an issue).
• This change is a new feature (non-breaking change which adds functionality).
• This change improves the code (refactor or other change that does not change the functionality)
• This change fixes warnings (the fix does not alter the functionality or the generated code)
• This change is a breaking change (fix or feature that will cause existing behavior to change).
• This change alters the query API (existing queries will have to be recompiled)

Checklist:

• My code follows the code style of this project.
  • My code does not create any new warnings from compiler, build system, or lint.
• The commit message is properly formatted and free of typos.
  • The commit message title makes sense in a changelog, by itself.
  • The commit is signed.
• My change requires a change to the documentation.
  • I have updated the documentation accordingly, or...
  • I have created a JIRA ticket to update the documentation.
  • Any new interfaces or exported functions are appropriately commented.
• I have read the CONTRIBUTORS document.
• The change has been fully tested:
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have checked that this change does not introduce memory leaks.
  • I have used Valgrind or similar tools to check for potential issues.
• I have given due consideration to all of the following potential concerns:
  • Scalability
  • Performance
  • Security
  • Thread-safety
  • Cloud-compatibility
  • Premature optimization
  • Existing deployed queries will not be broken
  • This change fixes the problem, not just the symptom
  • The target branch of this pull request is appropriate for such a change.
• There are no similar instances of the same problem that should be addressed
  • I have addressed them here
  • I have raised JIRA issues to address them separately
• This is a user interface / front-end modification
  • I have tested my changes in multiple modern browsers
  • The component(s) render as expected

Smoketest:

• Send notifications about my Pull Request position in Smoketest queue.
• Test my draft Pull Request.

Testing:

[github-actions]

https://track.hpccsystems.com/browse/HPCC-30746
Jira updated

[ghalliday]

I didn't see anything wrong/logic flaws, although I didn't follow it all. One question.

[ghalliday]

Does this mean this is not called when K8s calls bare-metal? Will this trigger failures?

[jakesmith]

that was a late addition and a mistake, there is 1 context it is called in which is explicitly bare-metal only (which is why added, thinking it was the only place), but it is also refactored code that could be called in general/in containerized too in theory (possibly only via containerized when ~foreign has been enabled..)
I'll remove.

[jakesmith]

@ghalliday - removed the isContainerized() test form getPreferredDafsClientPort (squashed in).

[mckellyln]

good find.

[mckellyln]

Approved.