nsqd: Support a custom CA for communicating with nsqauth #1464

Closed
intellitrend-team opened this issue Oct 11, 2023 · 4 comments

@intellitrend-team
Contributor

We are using NSQ in production and are loving the experience.
We have implemented a custom nsqauth server and would like to encrypt the connection between nsqd and this endpoint with TLS because we don't want our authentication secrets to be sent over an unencrypted connection (potentially over an untrusted network).

Separating nsqd and the nsqauth server is common in cloud environments, where no assumptions about the network security should be made.

Passing an https:// URL to --auth-http-address works fine if the server-side certificate is trusted by the system CA pool, but self-signed certificates / custom CAs are not accepted by default, of course.
The --tls-root-ca-file is not respected for the auth HTTP request either; the *tls.Config in http.ClientTransport.TLSClientConfig is simply set to nil.
Adding a flag to support a custom CA or simply including the existing --tls-root-ca-file in the cert pool would greatly simplify encrypting the connection with a custom certificate.
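
The behaviour described in the post above, as an added example that is not code from this issue or from nsqd: an HTTP client with a nil TLS config rejects an endpoint whose certificate is outside the system CA pool, while a client whose root pool is loaded from a CA file accepts it. `newAuthClient` and `demo` are hypothetical names, the `httptest` server is a constructed stand-in for an auth endpoint, and trusting only the CAs in the file (rather than adding them to the system pool) is an assumption of this sketch.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// newAuthClient is a hypothetical helper, not nsqd code. An empty caFile leaves
// TLSClientConfig nil (system roots only); otherwise only caFile's CAs are trusted.
func newAuthClient(caFile string) (*http.Client, error) {
	tr := &http.Transport{}
	if caFile != "" {
		pemBytes, err := os.ReadFile(caFile)
		if err != nil {
			return nil, err
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(pemBytes) {
			return nil, fmt.Errorf("no certificates parsed from %s", caFile)
		}
		tr.TLSClientConfig = &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	}
	return &http.Client{Transport: tr}, nil
}

// demo runs a constructed endpoint whose certificate is not in the system pool.
func demo() (defaultRejected, customAccepted bool) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	f, _ := os.CreateTemp("", "auth-ca-*.pem")
	defer os.Remove(f.Name())
	pem.Encode(f, &pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	f.Close()
	def, _ := newAuthClient("")
	_, errDefault := def.Get(srv.URL) // expected to fail certificate verification
	custom, _ := newAuthClient(f.Name())
	resp, errCustom := custom.Get(srv.URL) // any HTTP response means TLS verified
	if errCustom == nil {
		resp.Body.Close()
	}
	return errDefault != nil, errCustom == nil
}

func main() { fmt.Println(demo()) }
```

Certificate verification stays enabled in both clients; only the set of trusted roots changes, so the private CA works without resorting to `InsecureSkipVerify`.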

@mreiferson
Member

I think this sounds reasonable, would you be interested in submitting a PR?

@UtR491

UtR491 commented Nov 4, 2023

@mreiferson can I take this one up, in case no one is working on it?

@intellitrend-team
Contributor Author

We have this feature implemented and working on our side already, so we can submit a PR on Monday.

@intellitrend-team
Contributor Author

If you have any more questions and suggestions for the PR, feel free to ask.
