Add comprehensive unit tests for Registrar TLS communication

This commit adds extensive unit tests to increase coverage for the
Registrar TLS communication feature, focusing on actual execution of
production code paths rather than just configuration validation.

Tests added in https_client.rs (10 tests, 330 lines):
- test_get_https_client_with_valid_certs: Validates successful HTTPS
  client creation with real generated TLS certificates
- test_get_https_client_insecure_mode: Tests insecure mode bypassing
  certificate validation
- test_get_https_client_missing_ca_cert: Tests error handling when
  CA certificate file is missing
- test_get_https_client_missing_client_cert: Tests error handling when
  client certificate file is missing
- test_get_https_client_missing_client_key: Tests error handling when
  client key file is missing
- test_get_https_client_invalid_ca_cert: Tests error handling with
  malformed CA certificate content
- test_get_https_client_invalid_client_identity: Tests error handling
  with invalid client certificate/key pair
- test_get_https_client_with_different_timeouts: Validates timeout
  configuration with various values (0, 1000, 5000, 30000, 300000ms)
- test_get_https_client_insecure_default: Tests default behavior when
  insecure flag is None
- test_get_https_client_empty_ca_cert_path: Tests error handling with
  empty certificate path strings

Tests added in registration.rs (17 tests, 581 lines):
- test_get_retry_config_all_none: Tests retry config when all values
  are None (should return None)
- test_get_retry_config_with_max_retries: Tests retry config with only
  max_retries set
- test_get_retry_config_with_initial_delay: Tests retry config with
  only initial_delay set
- test_get_retry_config_with_max_delay: Tests retry config with only
  max_delay set
- test_get_retry_config_with_all_values: Tests retry config with all
  values configured
- test_check_registration_with_none_context: Tests registration check
  with no context (early return path)
- test_register_agent_creates_agent_registration_config: Tests full
  registration flow with TLS config and retry config
- Plus 10 additional tests for TLS config validation, partial configs,
  insecure mode, and integration with real certificates

Tests added in registrar_client.rs (21 tests, 421 lines):
- Builder pattern tests for TLS configuration fields (ca_certificate,
  certificate, key, insecure, timeout)
- Tests for partial TLS configurations (missing CA, cert, or key)
- Tests for empty string paths and various timeout values
- test_builder_with_real_tls_certificates: Validates builder with
  actual generated certificates written to temp files
- test_builder_build_with_invalid_tls_cert_files: Tests build failure
  with non-existent certificate files
- test_tls_enabled_when_all_certs_provided: Tests TLS activation when
  all certificate paths are provided
- test_tls_disabled_when_insecure_true: Tests TLS bypass with insecure
  flag
- test_http_fallback_when_partial_tls_config: Tests HTTP fallback when
  only some TLS parameters are provided

Test infrastructure:
- Added generate_test_certificates() helper in registrar_client.rs that
  creates real CA, client, and server certificates using
  crypto::x509::CertificateBuilder
- Added generate_test_tls_certificates() helper in registration.rs for
  creating TLS test certificates
- Added generate_test_certificates() helper in https_client.rs for
  certificate generation
- All certificate generation uses crypto::testing::rsa_generate(2048)
  with proper PKCS8 PEM encoding
- Certificates written to temporary directories that are automatically
  cleaned up after tests

Coverage improvements:
- https_client.rs: Executes production TLS certificate loading code
  (lines 16-67), including CA cert parsing, client identity creation,
  and error handling paths
- registration.rs: Covers get_retry_config() function logic (lines
  33-52) and TLS config extraction (lines 60-71)
- registrar_client.rs: Tests builder configuration but not build()
  execution paths (requires running server)

All tests require --features testing flag as they depend on
crypto::testing::rsa_generate() which is only available with the
testing feature enabled.

Tests validated with: cargo test --features testing --lib
All 305+ tests passing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Signed-off-by: Sergio Arroutbi <[email protected]>

Author: sarroutbi