feat: add prometheus metrics for TLS issuance and on-demand asks #7442

Open
pauloappbr wants to merge 2 commits into caddyserver:master from pauloappbr:feat/1683-tls-metrics

@pauloappbr
Contributor

Closes #1683

Description

This PR introduces Prometheus metrics to the caddytls module to provide observability into certificate management and on-demand TLS operations. This addresses the long-standing request in #1683 and recent feedback from users needing visibility into rate limits and on-demand abuse.

Changes

  • Introduced caddy_tls_obtain_total: Counter for certificates obtained or renewed (labeled by issuer and result).
  • Introduced caddy_tls_on_demand_ask_total: Counter for on-demand ASK requests (labeled by result as allowed, denied, or error).
  • Metrics are registered using ctx.GetMetricsRegistry() within Provision() instead of init(). This ensures integration with Caddy's internal metrics registry (admin endpoint) and supports graceful reloads by handling AlreadyRegisteredError.

Testing

Tested locally with a Caddyfile configured for on_demand_tls with an ask endpoint.

Verification Steps:

  1. Run Caddy with on_demand_tls enabled.
  2. Trigger certificate issuance via curl -k https://<new-domain>.
  3. Check the admin metrics endpoint.

Output:

# HELP caddy_tls_obtain_total Total number of certificates obtained or renewed
# TYPE caddy_tls_obtain_total counter
caddy_tls_obtain_total{issuer="local",result="success"} 1

# HELP caddy_tls_on_demand_ask_total Total number of on-demand TLS ask requests
# TYPE caddy_tls_on_demand_ask_total counter
caddy_tls_on_demand_ask_total{result="allowed"} 1

Assistance Disclosure

I consulted an AI assistant (Gemini) to help diagnose issues regarding the metrics registry context isolation and to refine the implementation pattern for graceful reloads. I authored the integration code, ran the builds, and verified the functionality myself.
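
An added example, not code from this PR or from Caddy: a small Go check that reads metrics text in the format shown under "Output" and computes the share of on-demand asks that were denied or errored, the kind of on-demand abuse signal the description mentions. The function names and sample counts are constructed for illustration, and the parser assumes result is the only label on caddy_tls_on_demand_ask_total.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of the admin metrics endpoint output; the counts are made up.
const sample = `caddy_tls_on_demand_ask_total{result="allowed"} 12
caddy_tls_on_demand_ask_total{result="denied"} 480
caddy_tls_on_demand_ask_total{result="error"} 8
caddy_tls_obtain_total{issuer="local",result="success"} 12
`

// askCounts sums caddy_tls_on_demand_ask_total samples by result.
// Assumes result is the metric's only label, as in the PR's sample output.
func askCounts(exposition string) (map[string]float64, error) {
	const prefix = `caddy_tls_on_demand_ask_total{result="`
	counts := map[string]float64{}
	for _, line := range strings.Split(exposition, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, prefix) {
			continue // comments, blank lines, other metric families
		}
		result, rest, ok := strings.Cut(line[len(prefix):], `"}`)
		value, _, _ := strings.Cut(strings.TrimSpace(rest), " ") // drop optional timestamp
		n, err := strconv.ParseFloat(value, 64)
		if !ok || err != nil {
			return nil, fmt.Errorf("malformed sample: %q", line)
		}
		counts[result] += n
	}
	return counts, nil
}

// rejectedShare is the fraction of asks that were denied or errored.
func rejectedShare(c map[string]float64) float64 {
	total := c["allowed"] + c["denied"] + c["error"]
	if total == 0 {
		return 0
	}
	return (c["denied"] + c["error"]) / total
}

func main() {
	c, err := askCounts(sample)
	fmt.Println(c, rejectedShare(c), err)
}
```

Counters are cumulative since the process started, so an alert should compare two scrapes rather than a single reading.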

Development

Successfully merging this pull request may close these issues.

Exposing TLS certificate metrics
