cluster: add support of TLS encryption for TiDB cluster

[AstroProfundis]

What problem does this PR solve?

Add support for TLS encryption for TiDB cluster. Close #529

What is changed and how it works?

• Specification checks for TLS enabled cluster
• Generate CA and certificate for cluster
• Deploy certificates to server
• Start/Stop/Restart TLS enabled cluster
• Scale in/out TLS enabled cluster
• Upgrade TLS enabled cluster
• Update monitoring configs for TLS enabled cluster
• Adjust display output for TLS enabled cluster
• Testing

Check List

Tests

• Unit test
• Integration test
• Manual test (add detailed scripts or steps below)

Code changes

• Has exported function/method change
• Has exported variable/fields change
• Has interface methods change
• Has persistent data change

Side effects

• Possible performance regression
• Increased code complexity

Related changes

• Need to update the documentation

Release notes:

Add support of TLS encryption for TiDB cluster

[codecov-commenter]

Codecov Report

Merging #673 into master will increase coverage by 0.70%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #673      +/-   ##
==========================================
+ Coverage   58.07%   58.77%   +0.70%     
==========================================
  Files         255      257       +2     
  Lines       18904    19439     +535     
==========================================
+ Hits        10978    11425     +447     
- Misses       6473     6499      +26     
- Partials     1453     1515      +62     

Flag	Coverage Δ
#coverage	58.77% <ø> (+0.70%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ingcap/tiup/components/cluster/command/scale_in.go	75.00% <0.00%> (-7.36%)	⬇️
...pingcap/tiup/components/cluster/command/display.go	35.78% <0.00%> (-7.07%)	⬇️
...m/pingcap/tiup/pkg/cluster/task/update_topology.go	78.57% <0.00%> (-1.83%)	⬇️
...ngcap/tiup/components/cluster/command/scale_out.go	67.92% <0.00%> (-1.47%)	⬇️
...src/github.com/pingcap/tiup/pkg/cluster/manager.go	68.19% <0.00%> (-1.31%)	⬇️
...ithub.com/pingcap/tiup/pkg/cluster/spec/tispark.go	69.52% <0.00%> (-1.07%)	⬇️
....com/pingcap/tiup/pkg/cluster/operation/destroy.go	61.73% <0.00%> (-0.64%)	⬇️
...github.com/pingcap/tiup/pkg/cluster/task/action.go	17.07% <0.00%> (ø)
...ithub.com/pingcap/tiup/components/dm/spec/logic.go	77.65% <0.00%> (ø)
...ithub.com/pingcap/tiup/pkg/cluster/spec/profile.go	77.77% <0.00%> (ø)
... and 41 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6f08328...1fac178. Read the comment docs.

[july2993]

Error: failed to transfer CA cert to server: Process exited with status 1

pls fix ci

[july2993]

Role alway = ComponentName ?

[AstroProfundis]

No it's for example tispark-master as role and tispark as component name, identical for most components but not all.

[july2993]

seems this API should be designed as Transfer and Download at first. (not block this pr)

[lucklove]

LGTM

[lonng]

/merge

[ti-srebot]

Your auto merge job has been accepted, waiting for:

• 745

[ti-srebot]

/run-all-tests

[ti-srebot]

@AstroProfundis merge failed.

[lonng]

@AstroProfundis Please resolve the conflicts.