Add TLS config to S3 client

[LeviHarrison]

What this PR does

Adds the ability to configure the TLS config for the Thanos S3 client.

Note: Although I mostly copied the TLS config from Thanos, I omitted insecure_skip_verify because its value is overridden by the field of the same name in the parent HTTP config and is seemingly useless:

mimir/vendor/github.com/thanos-io/thanos/pkg/exthttp/transport.go

Lines 38 to 42 in 7d70e62

	tlsConfig, err := NewTLSConfig(&config.TLSConfig)
	if err != nil {
	return nil, err
	}
	tlsConfig.InsecureSkipVerify = config.InsecureSkipVerify

Which issue(s) this PR fixes or relates to

Fixes #1981, Fixes #1796

Checklist

• Tests updated
• Documentation added
• CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

[pracucci]

The CHANGELOG has just been cut to prepare for the next Mimir release. Please rebase main and eventually move the CHANGELOG entry added / updated in this PR to the top of the CHANGELOG document. Thanks!

[romangallego]

I think the insecure_skip_verify may not be useless as there are cases of S3 with certs errors that need to be handle with this parameter in configuration, as it is for loki. Actually --no-verify-ssl is contained on the aws cli and other tools becuase when the endopoint is on premises like an Hitachi, for example... the certs are not always valid.

[pracucci]

I'm going to close this PR because stale, but we can open it anytime if someone wants to pick up from here.

[LeviHarrison]

Would be happy help to shepherd this through, was just waiting on reviewers. Or did changelog rebase need to be done before that could happen?

[zalegrala]

I'd love to see this get in, but I also notice that we have a tls config we can pull out of dskit now. https://github.com/grafana/dskit/blob/main/crypto/tls/tls.go#L87

[reidlai]

Although source code incudes dskit, but s3.HTTPConfig has ignored Transport attribute under pkg/storage/bucket/s3/config.go

[Itaykal]

I'm going to close this PR because stale, but we can open it anytime if someone wants to pick up from here.

I see that the @LeviHarrison did mention they'd like to push this forward, any status on this? I'd love to see this get in.

If the statement is not relevant anymore I'll gladly help

[Itaykal]

@pracucci I'll gladly pick it up from here, could you please guide me through the process of continuing a stale PR? Do I edit it and add my branch instead or am I understanding things wrong?

[dimitarvdimitrov]

@pracucci I'll gladly pick it up from here, could you please guide me through the process of continuing a stale PR? Do I edit it and add my branch instead or am I understanding things wrong?

@Itaykal because this PR was opened from Levi's fork, I think cherry-picking their changes onto a branch of yours and opening a new PR is the way to go.