Support TLS PostgreSQL connections in notification_listener

[mb-shorai]

Hi, this PR implements TLS PSQL connections support for the notification_listener, as various managed database providers allow encrypted connections only, and it is generally a bad idea to disable encryption.

Related issue: #2097

With these changes it is possible to connect to databases with both TLS support and without. Please note that certificate verification is currently disabled, because it fits my use-case, and I don't have any experience with Rust whatsoever to make it configurable to support more use-cases. So I would be grateful if someone takes it over from here.

You can test it e.g. locally when running Postgres with the following command:

version: '3'
services:
  postgres:
    image: postgres
    ports:
      - '5432:5432'
    command:
      [
        "postgres",
        "-cshared_preload_libraries=pg_stat_statements",
        "-cssl=on",
        "-cssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem",
        "-cssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key"
      ]
    environment:
      POSTGRES_USER: graph-node
      POSTGRES_PASSWORD: let-me-in
      POSTGRES_DB: graph-node

And monitor Postgres connections with the following command:

SELECT datname,usename,ssl,client_addr,application_name
FROM pg_stat_ssl
JOIN pg_stat_activity
ON pg_stat_ssl.pid = pg_stat_activity.pid;

[azf20]

Thanks @mb-shorai ! @lutter interested in your thoughts here?

[lutter]

Nice! I just checked that our current setup still works with these changes, and it does! Could you rebase onto latest master? I'll then merge this PR.

[lutter]

NM - just found the rebase button 😎

[lutter]

Merged it - thanks a ton for doing this!