feat: TLS certs auto-reload

[StarAurryon]

Kubernetes is able to auto-renew certificates with cert-manager and update files in the container. I would be cool if Ory Hydra could support auto certificate update on file change.

Related issue(s)

#2568

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

Adds dependencies to fsnotify to support Mac/Windows/Linux.

This is an example of a working PoC. I need feedback ;-)

[codecov]

Codecov Report

Merging #2910 (45a4254) into master (ff10e17) will decrease coverage by 0.79%.
The diff coverage is 8.98%.

❗ Current head 45a4254 differs from pull request most recent head 4019d10. Consider uploading reports for the commit 4019d10 to get more accurate results

@@            Coverage Diff             @@
##           master    #2910      +/-   ##
==========================================
- Coverage   79.40%   78.60%   -0.80%     
==========================================
  Files         112      112              
  Lines        7889     7971      +82     
==========================================
+ Hits         6264     6266       +2     
- Misses       1223     1302      +79     
- Partials      402      403       +1     

Impacted Files	Coverage Δ
cmd/server/helper_cert.go	15.78% <4.81%> (-32.79%)	⬇️
driver/config/tls.go	91.66% <60.00%> (-8.34%)	⬇️
cmd/server/handler.go	63.76% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 00100a1...4019d10. Read the comment docs.

[aeneasr]

Cool stuff! This makes a ton of sense!

I would like for this PR though to wait for @aarmam's PR #2625 to be merged as it might introduce a few breaking changes again. But in general, this looks very good!

Alternatively, you could also branch off of #2625 :)

[StarAurryon]

Cool. I will wait to see things that have changed. In the meantime, if you have any recommendation on the coding style, please let me know. ;-)

[StarAurryon]

May I propose sth similar for kratos?

[aeneasr]

Sure! :) You can also work on kratos first and then port this here

[aeneasr]

In the meanwhile (while this is work in progress), I'll mark this as draft!

[StarAurryon]

Hi @aeneasr ,

Github seems quite buggy today. A lot of 500 are occurring, maybe because of Ukraine IDK. I have push the update synced with the latest master commit.

I also added a small 2 second wait until all changes are made to avoid spam reload in the logs.

As PR #2625 is merged and if it is ok for you we could avoid considering this as a Draft.

;-)

[aeneasr]

@StarAurryon is this good for review now? :)

[StarAurryon]

@aeneasr Yes that's ok. But as you mention part of the code is shared with the Kratos PR too. Merging it to the right ory/x could be better.

I am waiting for more instructions.

[aeneasr]

Merging it to the right ory/x could be better.

I think that's the way to go forward :)

[StarAurryon]

#3265 was merged. There is no more need for this PR