Updating TLSconfig for WebSocketServer

[tegefaulkes]

Specification

When the root key pair changes we need to update anything that depends on this. This change event is propagated through the events system. One of the changes is updating the TLS config the RPC servers are using. Previously this could be done dynamically but now with the WebSocketServer this can only be set when starting it.

This means that the WebSocketServer needs to be restarted when this event happens. This means any active connections are potentially interrupted.

To support this we need to make the following changes.

1. When the root keypair is updated we need to restart the WebSocketServer.
2. When restarting the WebSocketServer we need to gracefully end any active connections.
3. We need to propagate an abort signal to the stream handler to signal ending.
4. expand the force stop options to allow for forcing connections to end, Signalling connections to end gracefully or just wait for all active connections to end.
5. Add a feature to block all new connections so when waiting for connections to end new ones can't start.

Additional context

• Related Client RPC migration #509

Tasks

1. When the root keypair is updated we need to restart the WebSocketServer.
2. When restarting the WebSocketServer we need to gracefully end any active connections.
3. We need to propagate an abort signal to the stream handler to signal ending.
4. expand the force stop options to allow for forcing connections to end, Signalling connections to end gracefully or just wait for all active connections to end.
5. Add a feature to block all new connections so when waiting for connections to end new ones can't star

[tegefaulkes]

This requires adding 3 new features to the RPC system. As for timing, this is low priority since it doesn't fix anything that is strictly broken. It only allows us to update the TLS while running the PolykeyAgent. A work around for now is to just restart the agent completely after changing the keys.

This can be addressed at any time.

[CMCDragonkai]

I think this should be part of phase 2 too @tegefaulkes.

[tegefaulkes]

We don't want to kitchen-sink PRs, it can be done after the stage 2 agent migration.

[tegefaulkes]

As part of #540 it was simple to enable this feature.

Should be fixed by #535

[CMCDragonkai]

So while removing UWS gives us the ability to switch the TLS configuration per connection. What about the actual reactive propagation of changes of the root key pair?

Until #444 is done, we have to rely on the current event bus to propagate changes. So this issue needs to address the reactive key pairs using just the event bus as per the tasks you written in OP.

[tegefaulkes]

This is done, I re-enabled updating the TLS for the webSocketServer when it's triggered via the event bus.