Respect `sslmode` option

[amotl]

Status quo

PostgreSQL uses the sslmode client parameter to configure SSL connectivity options across the board, see 32.19.3. Protection Provided in Different Modes. CrateDB's SQLAlchemy dialect currently only uses the ssl=true query parameter.

Proposal

Make it so that the CrateDB SQLAlchemy dialect is more standards-oriented, and will also accept the sslmode option, when applicable. Most prominently, @WalBeh asked for sslmode=require, in order to strictly use SSL, but to turn off host name validation.

This is needed to connect to https://localhost:4200/ successfully, which is apparent in K8s or other operational scenarios.

[amotl]

@WalBeh has a strong need for this, and he just renewed his interest in having it implemented. Thanks!

[amotl]

crash uses the verify_ssl_cert option to crate.connect() like observed here. Thanks, @WalBeh.

[amotl]

crate-pdo includes an example setup using Docker/Podman Compose, for running CrateDB with SSL enabled.

• Docker/Podman: Add basic runnable Docker Compose example for CrateDB+SSL cratedb-examples#825

Using crash, you can connect using the --verify-ssl=no option.

crash --host https://localhost:4200 --verify-ssl=no --command "SELECT 42;"

[amotl]

This patch implements the requested sslmode=prefer parameter.

• Add canonical PostgreSQL client parameter sslmode #202

Outlook: Let us target switching to SSL by default paired with a 1.0.0 release?

• Connectivity: Connect using SSL by default #204

/cc @matriv, @seut