
Enable TLS for Fabric-X Committer Container#1298

Open
Rozerxshashank wants to merge 1 commit into hyperledger-labs:main from Rozerxshashank:issue-1295-fabricx-tls

Conversation

@Rozerxshashank
Contributor

Closes: #1295

Description

This PR enables TLS for the Fabric-X committer all-in-one test container. It ensures secure communication between the sidecar, the orderer, and the query services by removing the insecure default settings.

Key Changes

  • Security: Removed the --insecure flag from the committer container command.
  • Configuration: Updated sidecar environment variables to utilize TLS certificates from the crypto artifacts.
  • Dynamic Integration: Updated DeployNamespace and tryListInstalledNames to respect the network's TLSEnabled status.

@Rozerxshashank Rozerxshashank force-pushed the issue-1295-fabricx-tls branch from 633cb16 to 3b7e431 on April 24, 2026 15:30
@mbrandenburger mbrandenburger self-assigned this Apr 24, 2026
@mbrandenburger mbrandenburger added Fabric-x NWO All about our testing infrastructure labels Apr 24, 2026
@mbrandenburger mbrandenburger added this to the 26Q2 milestone Apr 24, 2026
@mbrandenburger mbrandenburger self-requested a review April 24, 2026 19:23
Member

@mbrandenburger mbrandenburger left a comment


Thank you @Rozerxshashank for your PR! This is a solid start.

Please check integration/nwo/fabricx/topology.go:30 - where we currently disable TLS for fabricx topos - that needs to be removed in order to see if your proposed changes work :D

A few more comments below.

}
if tlsEnabled {
env = append(env,
"SC_SIDECAR_ORDERER_TLS_MODE=tls",
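Review bot: the `if tlsEnabled` branch sets SC_SIDECAR_ORDERER_TLS_MODE only when TLS is on, so with TLSEnabled=false the sidecar's orderer client falls back to whatever the committer image defaults to. Set the mode explicitly in both branches (an else branch writing the non-TLS value the committer image documents) so the test's behaviour is pinned by the topology rather than by the image default, and a later image change cannot flip the disabled case into a mode that expects crypto material the harness never injected.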
Member

we could even try mtls mode here.

Member

Note that this configures the "orderer client" of the sidecar. In addition to that, we need TLS configuration for the mock orderer and the query service, using the crypto material we inject into the container.

Contributor Author

Updated SC_SIDECAR_ORDERER_TLS_MODE to mtls in the latest commit.

Contributor Author

Understood. Removing the --insecure flag now correctly triggers the use of the injected crypto material for all container components, ensuring the entire setup is consistent with the network's TLS settings.

Comment on lines -16 to +20
var ContainerCmd = []string{"run", "db", "orderer", "committer", "--insecure"}
var ContainerCmd = []string{"run", "db", "orderer", "committer"}
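Review bot: `ContainerCmd` is a package-level `var`, so dropping `--insecure` here fixes the decision at package init; it cannot follow the topology's TLSEnabled flag that the rest of this PR threads through, and every test run, TLS or not, now requires injected crypto material. Build the command where the network is known instead, e.g. a small helper that takes the TLS flag and appends `--insecure` only when TLSEnabled is false, keeping the package-level slice as the TLS-on base.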
Member

Note that by removing --insecure you enable mtls for every component in the committer image. See here https://github.com/hyperledger/fabric-x-committer/blob/main/docker/images/test_node/run#L12

However, I believe for our tests it is only relevant that the components that are exposed to FSC MUST enable TLS. All other communication between committer components can be insecure for our testing purpose.

If we remove --insecure, by default the built-in crypto material in the container is used to configure TLS; we need to carefully wire the things together; that is ... every component that is exposed to FSC needs to use crypto material we inject into the container; all other components can be either insecure - or use the built-in material (if that is possible).

WDYT?

Contributor Author

I've implemented conditional logic for the --insecure flag. It's now only added if TLS is disabled globally in the network topology. When TLSEnabled is true, we remove the flag to ensure all exposed components use the injected crypto material, aligning the sidecar with the rest of the FSC environment.
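The exchange above turns on two questions: which mode the sidecar port exposed to FSC should run in (`tls` versus `mtls`, the two values of SC_SIDECAR_ORDERER_TLS_MODE discussed in this thread), and whether the material a peer presents actually chains to the CA injected into the container rather than to the image's built-in material. The Go program below is an added example written for this page, not code from fabric-smart-client or fabric-x-committer. It mints a throwaway CA and certificates in-process (constructed test data standing in for the injected crypto material), maps the two mode strings onto crypto/tls settings with any other value failing closed, and probes a loopback server in each mode with three clients: no certificate, a certificate from the server's CA, and a certificate from an unrelated CA (the analogue of a component still using built-in material talking to a peer that trusts only the injected CA). Names such as `sidecar`, `fsc-client`, `probe` and `serverTLSConfig` are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert mints a short-lived ECDSA certificate: a self-signed CA when issuer is nil, otherwise a
// leaf signed by issuer. It stands in for the crypto material the harness injects into the container.
func newCert(cn string, issuer *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	if issuer == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		issuer = &tls.Certificate{Leaf: tmpl, PrivateKey: key} // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer.Leaf, &key.PublicKey, issuer.PrivateKey)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverTLSConfig maps the two modes named in the thread onto crypto/tls: "tls" authenticates only the
// server, "mtls" also requires a client certificate chaining to clientCAs. Anything else fails closed.
func serverTLSConfig(mode string, serverCert tls.Certificate, clientCAs *x509.CertPool) (*tls.Config, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS12}
	switch mode {
	case "tls":
		cfg.ClientAuth = tls.NoClientCert
	case "mtls":
		cfg.ClientAuth = tls.RequireAndVerifyClientCert
		cfg.ClientCAs = clientCAs
	default:
		return nil, fmt.Errorf("unsupported TLS mode %q", mode)
	}
	return cfg, nil
}

// probe runs a one-shot server in mode on the loopback and connects a client of the given kind ("none",
// "trusted": issued by the server's CA, "foreign": issued by an unrelated CA). nil means both sides agreed.
func probe(mode, client string) error {
	ca := newCert("test-ca", nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	srvCfg, err := serverTLSConfig(mode, newCert("sidecar", &ca), pool)
	if err != nil {
		return err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	must(err)
	defer ln.Close()
	srvDone := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake() // server-side verdict, including the client-cert check
		}
		srvDone <- err
	}()
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "sidecar", MinVersion: tls.VersionTLS12}
	switch client {
	case "trusted":
		cliCfg.Certificates = []tls.Certificate{newCert("fsc-client", &ca)}
	case "foreign":
		other := newCert("other-ca", nil)
		cliCfg.Certificates = []tls.Certificate{newCert("stranger", &other)}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return err // a TLS 1.2 server rejects during the handshake itself
	}
	defer conn.Close()
	return <-srvDone // a TLS 1.3 server rejects only after the client's handshake has returned
}

func main() { // one verdict per scenario; the two rejections print the server's handshake error
	fmt.Println(probe("tls", "none"), probe("mtls", "trusted"), probe("mtls", "none"), probe("mtls", "foreign"))
}
```

Running it shows `tls` accepting an anonymous client while `mtls` accepts only the certificate issued by the trusted CA. The caveat worth carrying into the harness: with TLS 1.3 the client's handshake returns before the server has judged the client certificate, so a test that only checks `tls.Dial` succeeded would pass against a server that rejects the client a moment later; `probe` therefore waits for the server side's verdict.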

peerTLSDir := peerDockerTLSDir(e.network, scPeer)
ordererTLSCACert := path.Join("/", "root", "artifacts", "crypto", "ordererOrganizations", e.network.OrdererOrgs()[0].Domain, "orderers", fmt.Sprintf("%s.%s", e.network.Orderers[0].Name, e.network.OrdererOrgs()[0].Domain), "tls", "ca.crt")

containerEnvOverride := envVars[committerVersion](peerMSPDir, peerTLSDir, scMSPID, e.channel.Name, ordererEndpoint, e.network.TLSEnabled, ordererTLSCACert)
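Review bot: the `ordererTLSCACert` line indexes `e.network.OrdererOrgs()[0]` and `e.network.Orderers[0]` without checking that either slice is non-empty, so a topology without an orderer panics inside path construction instead of failing with a readable error. It also pins the CA to the first orderer while `ordererEndpoint` is passed in separately; derive both from the same orderer (or pass the CA path alongside the endpoint) so the trust anchor always matches the endpoint the sidecar dials. A short comment that this is a container-internal path (hence the literal `/root/artifacts/...` prefix and `path.Join`) would also help the next reader.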
Member

I know it was misleading already before, this is the chance we fix the bad naming. We should use scMSPID, scMSPDir, and scTLSDir as all belong to the committer.

Contributor Author

Renamed peerMSPDir to scMSPDir and peerTLSDir to scTLSDir across the scv2 and v3 extensions to clarify that they belong to the sidecar committer. I've also updated the ContainerEnvVars signature accordingly. :D

Comment on lines +20 to +21
return filepath.Join(
return path.Join(
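Review bot: the change from `filepath.Join` to `path.Join` at lines +20 to +21 is the right direction for a path consumed inside the Linux container: `filepath.Join` uses the host OS separator, so building a container path with it on a Windows host yields backslashes the sidecar cannot resolve. If the project prefers `filepath` for consistency, document that the test harness assumes a Unix host; otherwise keep `path.Join` for every container-internal path, the `/root/artifacts/crypto/...` ones included.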
Member

Why not using filepath?

Contributor Author

I initially used path.Join because these paths are used inside the Linux container (where forward slashes are required). However, I've switched them back to filepath.Join to maintain consistency with the rest of the project. Fixed in the latest commit.

@Rozerxshashank Rozerxshashank force-pushed the issue-1295-fabricx-tls branch 14 times, most recently from 40639ad to 3b7e431 on April 24, 2026 23:44
… tests

Signed-off-by: Shashank <yshashank959@gmail.com>
@Rozerxshashank Rozerxshashank force-pushed the issue-1295-fabricx-tls branch from 3b7e431 to b7ac71f on April 25, 2026 00:38

Development

Successfully merging this pull request may close these issues.

fabric-x: enable TLS for committer-all-in-one test container

2 participants