Documentation: improve TLS docs.

[stuclem]

The TLS docs need more work.

Comment from @hickeng by email:

---

I suggest we separate (the TLS doc) in the following manner:

1. How to supply a server certificate for a VCH (this is a really common thing for many servers - should be the piece people are most familiar with).
2. How to configure client authentication (mutual authentication)
3. How to disable TLS
   --> what certificates are required for each of these (certificate authority, server certificate and key, client certificate and key), which role needs which certificates and how they're used in installation.
   --> explicitly not talking about how those certificates are obtained

Then a separate section on the fact that we generate trivial versions of these certificates as a convenience when possible (--tls-cname or --client-network-ip), and that if wanting more control over the certificates than we provide for that the certificates can be generated by standard means (e.g. openssl for linux) or obtained from a certificate provider (https://en.wikipedia.org/wiki/Certificate_authority#Providers)

---

See also:

• The changes to doc/user/usage.md in https://github.com/vmware/vic/pull/3049/files.
• @hickeng 's comments in [skip ci] Doc updates related to help reorg, option renaming, TLS  #2939 (review) , [skip ci] Doc updates related to help reorg, option renaming, TLS  #2939 (review) and [skip ci] Doc updates related to help reorg, option renaming, TLS  #2939 (review)

[stuclem]

There's a great writeup of TLS from @hickeng in #3087 (comment).

[stuclem]

Too late for GA. TLS is well-covered by @hickeng 's rewrites. Reinstate the security overview to the doc in a post-GA update.

[stuclem]

This issue was moved to vmware/vic-product#70