Support for non certificate-based authentication against managed sql database services with Kine #422
log1cb0mb started this conversation in Feature Requests
Most managed database services, such as AWS and Azure, do not support certificate-based authentication. Integrating Kamaji TCP with externally managed SQL database services is an ideal use case where users can not only offload datastore backend management but also benefit from all the features that cloud provider solutions provide.
However, Kine's implementation of Kamaji currently only supports client certificate-based authentication, where `datastore.spec.tlsConfig` is not only fixed/mandatory but TCP also does not allow overriding the default kine arguments, which is to always use cert-based authentication.
Proposal: `tlsConfig` should be conditional based on the target SQL server to be used. By default, managed database services use public CAs, e.g. DigiCert, so there shouldn't be any need to specify a trust chain for those. AFAIK Kine by default performs "full-ca" verification as its `sslmode`, so trusting a public CA should not be an issue.
Based on my tests so far, standalone Kine is able to connect to e.g. an Azure Postgres server without specifying any TLS config.
Similar requirement: #420