Closed
Labels
enhancement (New feature or request)
Description
Issue Type
Feature Enhancement
Summary
Convert the external key manager system from compile-time feature flags to runtime configuration, eliminating the need for recompilation to toggle features and improving operational flexibility.
Problem Statement
Currently, enabling or disabling external key management and mTLS authentication requires recompiling the application with different feature flags (external_key_manager and external_key_manager_mtls). This creates several operational and development challenges:
Operational Issues
- Recompilation Required: To switch between internal and external key managers, or to enable/disable mTLS, the entire application must be rebuilt and redeployed
- Emergency Response Delays: If the external key manager service fails, operators cannot quickly fall back to the internal key manager without rebuilding
- Different Binaries: Dev and production builds are different, complicating testing and deployment
- Configuration Drift: Hard to maintain consistent behavior across environments
Development Issues
- Slow Iteration: Developers must rebuild to test different key manager configurations
- Complex Build Matrix: Maintaining multiple feature flag combinations increases CI/CD complexity
- Poor DX: Cannot easily test all scenarios (internal, external plain, external mTLS) without multiple builds
Code Quality Issues
- No Startup Validation: Configuration errors surface at runtime rather than at startup
- Feature Gate Proliferation: 30+ #[cfg(feature = "...")] guards scattered across the codebase
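A sketch of what the requested runtime selection with startup validation could look like, as an added example that is not the project's code. The setting names (`key_manager.mode`, `key_manager.url`, `key_manager.mtls`, `key_manager.client_cert`, `key_manager.client_key`) and the `KeyManagerMode` type are hypothetical.

```rust
use std::collections::HashMap;

/// Backend chosen at runtime instead of by compile-time feature flags.
#[derive(Debug, PartialEq)]
pub enum KeyManagerMode {
    Internal,
    External { url: String },
    ExternalMtls { url: String, client_cert: String, client_key: String },
}

/// Validate once at startup so a bad combination fails before serving traffic.
/// All setting names are hypothetical, not taken from the project.
pub fn load_key_manager_mode(cfg: &HashMap<&str, &str>) -> Result<KeyManagerMode, String> {
    // Treat missing and blank values the same way.
    let get = |k: &str| cfg.get(k).copied().map(str::trim).filter(|v| !v.is_empty());
    let mtls = match get("key_manager.mtls").unwrap_or("false") {
        "true" => true,
        "false" => false,
        other => return Err(format!("key_manager.mtls: expected true/false, got {other:?}")),
    };
    match get("key_manager.mode").unwrap_or("internal") {
        // Reject contradictory settings instead of silently ignoring one of them.
        "internal" if mtls => Err("key_manager.mtls requires mode=external".into()),
        "internal" => Ok(KeyManagerMode::Internal),
        "external" => {
            let url = get("key_manager.url").ok_or("mode=external requires key_manager.url")?;
            if !mtls {
                return Ok(KeyManagerMode::External { url: url.into() });
            }
            let cert = get("key_manager.client_cert").ok_or("mTLS requires key_manager.client_cert")?;
            let key = get("key_manager.client_key").ok_or("mTLS requires key_manager.client_key")?;
            Ok(KeyManagerMode::ExternalMtls { url: url.into(), client_cert: cert.into(), client_key: key.into() })
        }
        other => Err(format!("key_manager.mode: unknown value {other:?}")),
    }
}

fn main() {
    // Constructed sample configuration: mTLS requested without client credentials.
    let cfg = HashMap::from([
        ("key_manager.mode", "external"),
        ("key_manager.url", "https://kms.example.internal"),
        ("key_manager.mtls", "true"),
    ]);
    println!("{:?}", load_key_manager_mode(&cfg)); // startup error, not a runtime surprise
}
```

With a single enum, call sites match on the mode once instead of repeating `#[cfg(feature = "...")]` guards, and falling back to the internal key manager becomes a configuration change rather than a rebuild.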