Support mTLS when exporting IPFIX from FlowAggregator #7081
Labels: area/flow-visibility/aggregator, kind/design
Describe what you are trying to solve
The current FlowAggregator cannot protect the connection between itself and the external IPFIX collector, so the case where this traffic goes over an insecure network is not supported.
Describe the solution you have in mind
We propose to support mTLS, as a way to authenticate both the FlowAggregator (exporter) and the external collector.
Describe how your solution impacts user flows
When deploying the FlowAggregator, the following information will need to be provided (if mTLS is desired):
There is no plan to support automatic certificate generation (for client cert & CA) at this stage.
Describe the main design/architecture of your solution
When mTLS (or TLS, i.e., without client authentication) is enabled, the required configuration will be passed along to the vmware/go-ipfix library to configure the IPFIX Exporter appropriately. This is already supported by the library, and we already leverage this to provide mTLS support between the Agent (FlowExporter) and the FlowAggregator (collector): https://github.com/vmware/go-ipfix/blob/5987b1a1cfbbdef46646fa1affedcc115d17bea4/pkg/exporter/process.go#L68C6-L79.
Besides adding the new configuration parameters, changes to this repository will be minimal.
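The example below is added here to illustrate the trust relationship this proposal relies on; it is not Antrea or go-ipfix code. It uses Go's crypto/tls directly to show what the pieces the user would supply do: a CA certificate lets the exporter verify the collector, and a client certificate and key let the collector verify the exporter. The collector side sets `RequireAndVerifyClientCert`, and the function returns an error when the exporter connects without a client certificate, which is the behaviour an mTLS e2e test should check. The CA, the names `collector.example` and `flow-aggregator`, and the 4-byte payload are all constructed for the example; go-ipfix builds the equivalent `tls.Config` from the configuration it is given.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on setup errors (key generation, cert encoding) that a fixture cannot recover from.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert generates an in-memory P-256 key and a short-lived certificate for name,
// signed by ca/caKey, or self-signed as a root when ca is nil. Constructed test material only.
func newCert(name string, serial int64, usage x509.ExtKeyUsage, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, tls.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{usage},
		BasicConstraintsValid: true,
	}
	if ca == nil { // root: mark as CA and sign with its own key
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// tryExport runs an in-process "collector" that requires a client certificate, then connects
// to it as the "exporter" and sends one constructed payload. It returns the bytes the
// collector accepted, or an error if either side rejected the other.
func tryExport(presentClientCert bool) ([]byte, error) {
	ca, caTLS := newCert("test-ca", 1, x509.ExtKeyUsageAny, nil, nil)
	caKey := caTLS.PrivateKey.(*ecdsa.PrivateKey)
	_, serverCert := newCert("collector.example", 2, x509.ExtKeyUsageServerAuth, ca, caKey)
	_, clientCert := newCert("flow-aggregator", 3, x509.ExtKeyUsageClientAuth, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)

	// Collector side: present its own cert and require + verify the client's.
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}))
	defer ln.Close()
	received := make(chan []byte, 1)
	go func() {
		buf, n := make([]byte, 64), 0
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			n, err = conn.Read(buf) // handshake completes here; fails without a valid client cert
		}
		if err != nil {
			received <- nil
			return
		}
		conn.Write([]byte{0x01}) // ack so the exporter learns the session was accepted
		received <- buf[:n]
	}()

	// Exporter side: trust only our CA and pin the expected collector name.
	cfg := &tls.Config{RootCAs: pool, ServerName: "collector.example", MinVersion: tls.VersionTLS12}
	if presentClientCert {
		cfg.Certificates = []tls.Certificate{clientCert}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	payload := []byte{0x00, 0x0a, 0x00, 0x10} // constructed stand-in, not a real IPFIX message
	if _, err = conn.Write(payload); err == nil {
		_, err = conn.Read(make([]byte, 1)) // fails if the collector rejected our client cert
	}
	if err != nil {
		return nil, fmt.Errorf("collector rejected the session: %w", err)
	}
	return <-received, nil
}

func main() {
	_, err := tryExport(false) // expect a rejection error; tryExport(true) returns nil
	fmt.Println("without client cert:", err)
}
```

The exporter reads one acknowledgement byte after writing, because under TLS 1.3 the client's handshake finishes before the server has checked the client certificate; without that read, a missing or untrusted client certificate would only surface on the collector side.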
Alternative solutions that you considered
N/A
Test plan
Include an e2e test with mTLS between the FlowAggregator and the test ipfix-collector.