allow to skip TLS check in acme http-01 challenge

[rubroboletus]

solves #22074 allows to set "tls_skip" on pki acme, which will skip TLS check on acme http-01 challenges.

[hashicorp-cla]

All committers have signed the CLA.

[kitography]

Hi @rubroboletus - thanks for the PR! Sorry for the delay here.

We've taken a look at this internally:

• Currently this pull request produces different behaviour for PKI secrets engines that are created under this code compared to those that are migrated to the version using this code. In particular, the default behaviour is "true", but go-booleans default to false. We want to avoid behaviour where a mounts default values differ depending on which version of vault a mount was created - rather than which version they are currently running. This sort of inconsistency is known as particularly hard for users and for our support staff to understand and debug.
• Having checked with internal stakeholders, we don't think it makes sense to require TLS verification when that is from a redirect from http. In particular, it's no less secure than http. That reduces the amount of configuration necessary which would be really nice.

If you want to take a look at simply skipping TLS verify in the redirect case (removing configuration), we'll accept that PR. If
you don't get to this before Friday November 10th, I'll take a stab at it.

Thanks!

[rubroboletus]

Hi @kitography,

ok, I have removed all the configurable logic and just simply ignore TLS.

[stevendpclark]

@rubroboletus Thanks for the PR, much appreciated and sorry about the delay getting this merged.

I've added a test case so we don't accidentally break this in the future.