http server requirements due secure api

[kares]

Logstash 8.0 is securing it's HTTP API endpoint, for details please see: #13196
The initial implementation skipped a few things due limitations of the web server used (Puma).

Logstash will need to consider alternatives in terms of an embeddable web server or (preferably) resolve these issues with Puma:

• ✔️ fix a hang blocking certificate authentication mechanism: JRuby verify_mode: peer (force_peer) hang puma/puma#2729
  • [fix] TLS verification hang on JRuby puma/puma#2890
• ✔️ add TLS 1.3 support for Puma's JRuby backend
  • [jruby] enable TLSv1.3 support puma/puma#2886
• ✔️ ability to set a separate trust-store and key-store, atm trust-store uses the same file
  • [jruby] support a truststore option puma/puma#2849
  • [jruby] improve the truststore option puma/puma#2884
• UPDATE: [jruby] support setting TLS protocols + rename ssl_cipher_list puma/puma#2899
• UPDATE: [jruby] allow truststore without password puma/puma#2904

NOTE: Puma upstream changes are only on master branch and are not going to be part of the current 5.6 stable branch ...

[kares]

one more PR: puma/puma#2899

[kares]

and another PR: puma/puma#2904