Add TLS/SSL support for all external connections #27

Open
ecrist wants to merge 1 commit into Vadims06:master from ecrist:feature/tls-support


@ecrist ecrist commented Mar 18, 2026

Summary

  • Adds configurable TLS/SSL support for all external connections: MongoDB, Elasticsearch, Topolograph WebSocket, and webhook outputs
  • Controlled via a single TLS_ENABLED env var with support for CA certificates, client certificates (mTLS), and certificate verification toggle
  • Certificate files are mounted from ./certs/ into containers; .gitignore updated to prevent accidental cert commits
  • Fully backwards compatible — when TLS_ENABLED=False (default), all behavior is unchanged

Files changed

| File | Change |
| --- | --- |
| .env / .env.template | New TLS config variables (TLS_ENABLED, TLS_CA_CERT, TLS_CLIENT_CERT, TLS_CLIENT_KEY, TLS_VERIFY) |
| docker-compose.yml | Pass TLS env vars + mount ./certs/ volume into both Logstash containers |
| logstash/pipeline/logstash.conf | Conditional TLS for MongoDB, Topolograph HTTP, Webhook, and Elasticsearch outputs |
| logstash/index_template/create.py | HTTPS scheme, CA cert verification, mTLS client certs via requests |
| client.py | Topolograph availability check supports TLS |
| .gitignore | Ignore cert/key files in certs/ |
| certs/.gitkeep | Placeholder directory for TLS certificates |

How to enable

  1. Set TLS_ENABLED=True in .env
  2. Place ca.pem, client.pem, client-key.pem in ./certs/
  3. For MongoDB mTLS, also create client-combined.pem (cert + key concatenated)

Test plan

  • Verify default behavior unchanged with TLS_ENABLED=False
  • Test MongoDB connection with TLS enabled and valid certs
  • Test Topolograph WebSocket with HTTPS endpoint
  • Test Elasticsearch index creation over HTTPS
  • Test webhook delivery over HTTPS
  • Verify cert files in certs/ are gitignored

🤖 Generated with Claude Code
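
A preflight check for the certificate layout in "How to enable" above, added here as an example; it is not part of the PR or the project's code. It assumes the TLS_* variables hold file paths, that TLS_VERIFY defaults to on, and that client-combined.pem sits next to the client certificate; `preflight`, `pem_blocks` and the finding strings are hypothetical names.

```python
import os
import re
import stat

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(path):
    """Return [(label, body without whitespace)] for every PEM block in a file."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return [(lab, "".join(body.split())) for lab, body in PEM_RE.findall(fh.read())]

def is_true(value):
    return str(value).strip().lower() in ("true", "1", "yes")
def loose_mode(path):
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)  # any group/other access

def preflight(env, combined_name="client-combined.pem"):
    """Return findings for the TLS_* settings in env; an empty list means OK."""
    if not is_true(env.get("TLS_ENABLED", "False")):
        return []  # documented default: TLS off, nothing to check
    found, blocks = [], {}
    if not is_true(env.get("TLS_VERIFY", "True")):  # assumed default: verification on
        found.append("TLS_VERIFY off: encrypted but peer not authenticated")
    wanted = {"TLS_CA_CERT": "CERTIFICATE", "TLS_CLIENT_CERT": "CERTIFICATE",
              "TLS_CLIENT_KEY": "PRIVATE KEY"}
    for var, want in wanted.items():
        path = env.get(var, "")  # assumption: each variable holds a file path
        if not os.path.isfile(path):
            found.append(f"{var}: file not found")
            continue
        blocks[var] = pem_blocks(path)
        labels = [lab for lab, _ in blocks[var]]
        if not any(lab.endswith(want) for lab in labels):
            found.append(f"{var}: no {want} block")
        if want == "CERTIFICATE" and any(lab.endswith("PRIVATE KEY") for lab in labels):
            found.append(f"{var}: private key inside a certificate file")
        if want == "PRIVATE KEY" and loose_mode(path):
            found.append(f"{var}: key readable by group/other")
    combined = os.path.join(os.path.dirname(env.get("TLS_CLIENT_CERT", "")), combined_name)
    if os.path.isfile(combined):  # only needed for MongoDB mTLS (step 3)
        expect = blocks.get("TLS_CLIENT_CERT", []) + blocks.get("TLS_CLIENT_KEY", [])
        if sorted(pem_blocks(combined)) != sorted(expect):
            found.append(f"{combined_name}: does not match client cert + key")
        if loose_mode(combined):
            found.append(f"{combined_name}: key readable by group/other")
    return found

if __name__ == "__main__":
    print("\n".join(preflight(os.environ)) or "TLS preflight: no findings")
```

The comparison is on PEM block contents only, so it catches a client-combined.pem left stale after a key or certificate rotation but does not prove that the key cryptographically matches the certificate.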

Adds configurable TLS support for MongoDB, Elasticsearch, Topolograph, and webhook connections. Controlled via TLS_ENABLED env var with support for CA certificates, client certificates (mTLS), and verification toggle. Certificate files are mounted from ./certs/ into containers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

@Vadims06
Owner

Hi, @ecrist,
Thanks for creating a pull request. May I ask you to include test certificate generation in the Test plan (how to request, generate, etc.)? It would help to test the changes more quickly.
