
chore(e2e): make sure squid proxy generates a cert containing SANs #1228

Merged (2 commits), Sep 26, 2024

@adamancini adamancini commented Sep 25, 2024

What this PR does / why we need it:

While working on updating the http collector in Troubleshoot to detect a mitm proxy, I encountered:

```
I0924 19:29:37.934112   83567 run.go:142] Collecting support bundle: http/https-replicated-proxy
I0924 19:29:37.934361   83567 http.go:145] Request: GET / HTTP/1.1
Host: replicated.app
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip


Response: <nil>
I0924 19:29:37.942216   83567 http.go:154] Request failed: proxyconnect tcp: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
1727205940.640      0 10.128.0.9 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -
1727206177.942      0 10.128.0.9 NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -
```

Ensure that the cert generated for use by the Squid proxy contains IP SANs. CN-only certificates are generally deprecated.

This change results in the following stanza existing in the CA:

```
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:10.128.0.4
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Subject Key Identifier:
                A8:94:E4:1E:23:A4:4F:AE:58:BD:97:A5:58:29:FF:27:38:86:37:90
```

and the following stanza existing in the server cert:

```
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                IP Address:10.128.0.4
            X509v3 Subject Key Identifier:
                58:4A:14:A4:1A:F4:B1:CB:8B:0E:9D:E5:34:E2:95:52:D9:78:3F:0E
            X509v3 Authority Key Identifier:
                A8:94:E4:1E:23:A4:4F:AE:58:BD:97:A5:58:29:FF:27:38:86:37:90
```

and a successful transaction over the proxy:

```
I0925 16:48:14.166462  867476 run.go:142] Collecting support bundle: http/https-replicated-proxy
I0925 16:48:14.166613  867476 http.go:145] Request: GET / HTTP/1.1
Host: replicated.app
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip


I0925 16:48:14.339262  867476 http.go:158] Response: HTTP/1.1 200 OK
Cf-Cache-Status: DYNAMIC
Cf-Ray: 8c8c8028cb3b10e3-ORD
Connection: keep-alive
Date: Wed, 25 Sep 2024 16:48:14 GMT
Server: cloudflare
Content-Length: 0


I0925 16:48:14.339292  867476 http.go:183] raw response: []
I0925 16:48:14.339300  867476 http.go:191] empty response body
1727283373.026   1321 10.128.0.9 TCP_TUNNEL/200 2919 CONNECT replicated.app:443 - HIER_DIRECT/162.159.134.41 -
1727283383.581   2350 10.128.0.9 TCP_TUNNEL/200 2918 CONNECT replicated.app:443 - HIER_DIRECT/162.159.134.41 -
```

Which issue(s) this PR fixes:

Does this PR require a test?

Does this PR require a release note?

NONE

Does this PR require documentation?

NONE
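The failure and the fix described above, reproduced with Go's own verifier as an added example (not code from the PR or the embedded-cluster repository). It collapses the PR's separate CA and server cert into one self-signed cert that is trusted as the root, and reuses the 10.128.0.4 address from the openssl output as a constructed sample; only the presence of the IP SAN differs between the two runs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// proxyCertError self-signs a cert for a proxy at proxyIP (address in the CN only when withSAN is
// false, i.e. the pre-fix Squid cert; also as an IP SAN when true) and runs Go's HTTPS proxy cert check.
func proxyCertError(proxyIP string, withSAN bool) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: proxyIP},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if withSAN {
		tmpl.IPAddresses = []net.IP{net.ParseIP(proxyIP)} // "X509v3 Subject Alternative Name: IP Address:..."
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert) // the e2e harness trusts the Squid cert as its own root
	// Go matches an IP host against IP SANs only, never the CN, hence the PR's "legacy Common Name" error.
	_, err = cert.Verify(x509.VerifyOptions{DNSName: proxyIP, Roots: roots})
	return err
}

func main() {
	const ip = "10.128.0.4" // constructed to match the address in the PR's openssl output
	fmt.Println("CN only:", proxyCertError(ip, false))
	fmt.Println("IP SAN: ", proxyCertError(ip, true))
}
```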

This PR has been released (on staging) and is available for download with an embedded-cluster-smoke-test-staging-app license ID.

Online Installer:

```
curl "https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci/appver-dev-a26f506" -H "Authorization: $EC_SMOKE_TEST_LICENSE_ID" -o embedded-cluster-smoke-test-staging-app-ci.tgz
```

Airgap Installer (may take a few minutes before the airgap bundle is built):

```
curl "https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci-airgap/appver-dev-a26f506?airgap=true" -H "Authorization: $EC_SMOKE_TEST_LICENSE_ID" -o embedded-cluster-smoke-test-staging-app-ci.tgz
```

Happy debugging!

@ricardomaraschini ricardomaraschini changed the title make sure squid proxy generates a cert containing SANs chore(e2e): make sure squid proxy generates a cert containing SANs Sep 26, 2024
@ricardomaraschini ricardomaraschini merged commit 8081023 into main Sep 26, 2024
56 checks passed
@ricardomaraschini ricardomaraschini deleted the adamancini/squid-add-sans branch September 26, 2024 09:52