Support client certificates if the server requires them (mTLS)

[c0mputerguru]

I have my tandoor server protected via mTLS to prevent unauthorized devices from even getting access to the server. I also just found this app, and wanted to check it out. Unfortunately, it didn't work with my server and I was getting a "client certificate not sent" error.

I know that Android has it's own implementation of a certificate store as that is what other apps like Home Assistant use. So I tried to see if I could get at least the Android implementation of this app to work with that certificate store. I did the following:

1. If when testing a server it states that it requires a client certificate, let the user select a certificate from the android store. For iOS and JVM, this is currently left unimplemented as I don't know what iOS has available and I'm not sure what is standard for JVM apps. Save the pointer to the certificate alongside the credentials.
2. Refactor instantiation of the HttpClient to be platform specific and for the android version use the certificate from the OS store.
3. Stop using a custom client in the ViewModel. I'm not quite sure why there was a custom client there other than to override the timeout. I don't think it makes sense creating different clients all over the place with different timeout values.

After this, I got everything working, but images weren't loading. I hadn't seen that images were loaded via ImageLoader. To fix that, I had to:

1. Refactor the ImageLoader to be created in one spot rather than throughout all the individual UI components.
2. Implement a singleton factory to create the ImageLoader and have it also use similar logic to fetch the certificate on Android.

I've got a debug build of this running on my phone and it's able to connect and I'm able to browse my tandoor instance.

[aimok04]

Hi,
Thanks for the PR! :)

I am currently a bit busy, but I'll take a look at it sometime in the following weeks, it's definitely a good addition!