TLS support

[see-quick]

It would be great to add TLS support to test-container, as we could use it with testing our test-clients repository. In the future, we can potentially integrate it into more of our repos (e.g., metrics-reporter). I think the approach could use openssl as we do it within strimzi-kafka-operator with a few Java APIs (e.g., CertificateFactory, KeyStore ...). It should also use just self-signed certificates, which should be enough for testing purposes.

exposing API should be clear, i.e.,:

StrimziKafkaCluster cluster = new StrimziKafkaCluster.StrimziKafkaClusterBuilder()                                                                                                                                                                                                                                                                                                                                                               
      .withTls()                                                                                                                                                                                                    
      .build();

and with other auxiliary methods such as isTlsEnabled, getTrustStoreBytes and getTrustStorePassword.
TLS should be applied only on the external listener, i.e., communication between broker <---> client. The CONTROLLER listener should remain operational in plain communication.

And also, an option to provide custom certificates if needed, instead of auto-generated ones.

[ppatierno]

Triaged on 5.2.2026: agreed it could be a useful improvement on the test-container. It should have a proposal to describe how the API would be implemented.

[katheris]

Related proposal: strimzi/proposals#202