transport: use reverse lookup to match wildcard DNS SAN

[heyitsanthony]

Fixes #8268

[gyuho]

%q "+errStr?

[heyitsanthony]

already gets the space from " ("

[gyuho]

oh I see it now.

[gyuho]

lgtm. thanks

[codecov-io]

Codecov Report

Merging #8281 into master will decrease coverage by 0.21%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master    #8281      +/-   ##
==========================================
- Coverage   76.42%   76.21%   -0.22%     
==========================================
  Files         346      346              
  Lines       27055    27079      +24     
==========================================
- Hits        20676    20637      -39     
- Misses       4901     4963      +62     
- Partials     1478     1479       +1

Impacted Files	Coverage Δ
pkg/transport/listener_tls.go	66.44% <0%> (-12.76%)	⬇️
pkg/transport/timeout_conn.go	80% <0%> (-20%)	⬇️
pkg/adt/interval_tree.go	79.27% <0%> (-11.72%)	⬇️
auth/simple_token.go	86.79% <0%> (-6.61%)	⬇️
pkg/testutil/recorder.go	77.77% <0%> (-3.71%)	⬇️
clientv3/concurrency/election.go	80% <0%> (-2.41%)	⬇️
pkg/netutil/netutil.go	62.35% <0%> (-2.36%)	⬇️
etcdserver/cluster_util.go	76.64% <0%> (-1.46%)	⬇️
clientv3/watch.go	94.5% <0%> (-1%)	⬇️
proxy/grpcproxy/lease.go	87.61% <0%> (-0.96%)	⬇️
... and 14 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 608df0f...9aed03f. Read the comment docs.

[heyitsanthony]

This didn't work as approved; PTR records will return a trailing '.' that has to be stripped off. I've also added wildcard certs / a container for testing DNS. /cc @gyuho

[gyuho]

lgtm. Thanks!

[pires]

Can we have a 3.2.5 release? Waiting on this PR to re-enable peer authentication on my clusters.

[gyuho]

We will release this Wednesday or Friday.