
Enable TLS for Fabric-X Committer Container#1298

Merged
mbrandenburger merged 26 commits into
hyperledger-labs:mainfrom
Rozerxshashank:issue-1295-fabricx-tls
May 28, 2026

Conversation

@Rozerxshashank Rozerxshashank commented Apr 24, 2026

Contributor

Closes: #1295

Description

This PR enables TLS for the Fabric-X committer all-in-one test container. It ensures secure communication between the sidecar, the orderer, and the query services by removing the insecure default settings.

Key Changes

  • TLS enabled: topo.TLSEnabled is flipped to true with ClientAuthRequired, and a new WaitUntilReadyWithTLS variant is added. TLS client credentials are now threaded through namespace create/update/list operations via a unified top-level TLSConfig (replacing the previous per-service TLS fields on orderer, notifications, and query configs).
  • UpdateNamespace implemented: Previously a stub TODO, it now works like DeployNamespace, both sharing a new createNSCommon helper that resolves MSP dirs, orderer address, and TLS config dynamically. Used in integration tests for (multiendorsement/deployment).
  • Dynamic ports: The query service port is no longer hardcoded as 7001 but resolved by name via a new QueryServicePortName constant.
  • Dead code removed: createMetanamespaceKey, WithApproverRole, IsApprover, hardcoded orderer port overrides, duplicate fxPlatform() helpers in test files (replaced by an exported FxPlatform() in platform.go), and the v3 package (its constants and env-var helpers are now inlined into the scv2 container config struct).
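The two things the description ties together, the topology's ClientAuthRequired switch and the injected CA material that exposed endpoints verify against, shown end to end as an added Go example. This is not code from the PR or from the repository under review: containerCmd, issueCert and handshake are this example's own names, the certificates are generated in memory as a stand-in for the injected crypto material, and the boolean parameters mirror the TLSEnabled and ClientAuthRequired switches. It also covers the conditional --insecure flag discussed later in the thread.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// containerCmd passes --insecure only when TLS is disabled globally in the topology, as the thread
// proposes; tlsEnabled mirrors the topology's TLSEnabled switch (example's own function).
func containerCmd(tlsEnabled bool) []string {
	cmd := []string{"run", "db", "orderer", "committer"}
	if !tlsEnabled {
		cmd = append(cmd, "--insecure")
	}
	return cmd
}

// issueCert builds test-only crypto material, the example's stand-in for the certificates injected
// into the container: a P-256 key plus a certificate, self-signed for a CA, else signed by parent.
// A failure here means a broken environment rather than a TLS outcome, so it panics.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: isCA, DNSNames: []string{"localhost"},
	}
	signer, signerKey := parent, parentKey
	if isCA { // self-signed root that may sign the leaf certificates
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above; it cannot fail to parse
	return cert, key
}

// handshake runs one loopback TLS handshake against a server that requires client certificates
// when clientAuthRequired is set (the topology's ClientAuthRequired); withClientCert controls whether
// the client presents a CA-issued certificate. It returns true only when both sides completed the
// handshake. Under TLS 1.3 the client finishes before the server has verified its certificate, so a
// rejected client certificate is only visible on the server side, which is why both are checked.
func handshake(clientAuthRequired, withClientCert bool) (bool, error) {
	ca, caKey := issueCert("injected-ca", true, nil, nil)
	srv, srvKey := issueCert("committer", false, ca, caKey)
	cli, cliKey := issueCert("fsc-client", false, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srvCfg := &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: pool, // exposed committer endpoint
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}}}
	if clientAuthRequired {
		srvCfg.ClientAuth = tls.RequireAndVerifyClientCert // this is what turns on mTLS
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return false, err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake()
		}
		srvErr <- err
	}()
	cliCfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool, ServerName: "localhost"} // trusts only the injected CA
	if withClientCert {
		cliCfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return false, nil // rejected while the client was still handshaking (TLS 1.2 behaviour)
	}
	defer conn.Close()
	return <-srvErr == nil, nil
}

func main() {
	ok, _ := handshake(true, false)
	fmt.Println(containerCmd(true), "client without certificate accepted by mTLS server:", ok)
}
```

The point to take from running it is the asymmetry the thread keeps circling: with ClientAuthRequired the endpoint rejects any client that cannot present a certificate chaining to the injected CA, while a server-auth-only endpoint accepts such a client, so an exposed component whose client is missing its credential fails closed only if the server side was wired for mTLS.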

@Rozerxshashank Rozerxshashank force-pushed the issue-1295-fabricx-tls branch from 633cb16 to 3b7e431 Compare April 24, 2026 15:30
@mbrandenburger mbrandenburger self-assigned this Apr 24, 2026
@mbrandenburger mbrandenburger added Fabric-x NWO All about our testing infrastructure labels Apr 24, 2026
@mbrandenburger mbrandenburger added this to the 26Q2 milestone Apr 24, 2026
@mbrandenburger mbrandenburger self-requested a review April 24, 2026 19:23

@mbrandenburger mbrandenburger left a comment

Member

Thank you @Rozerxshashank for your PR! This is a solid start.

Please check integration/nwo/fabricx/topology.go:30 - where we currently disable TLS for fabricx topos - that needs to be removed in order to see if your proposed changes work :D

A few more comments below.

}
if tlsEnabled {
env = append(env,
"SC_SIDECAR_ORDERER_TLS_MODE=tls",
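Review bot: `SC_SIDECAR_ORDERER_TLS_MODE=tls` inside the `if tlsEnabled` branch configures the sidecar's orderer client for server authentication only, but the PR description says the topology now sets `ClientAuthRequired`, so the orderer side will expect a client certificate; set the mode to `mtls` here and export the sidecar's client cert and key paths next to the CA path in the same branch. The snippet has no `else`, so when `tlsEnabled` is false the variable is simply absent and behaviour depends on the image default; an explicit value for that case would make the intent visible in the env.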

Member

we could even try mtls mode here.

Member

Note that this configures the "orderer client" of the sidecar. In addition to that, we need TLS configuration for the mock orderer and the query service using the crypto material we inject into the container.

Contributor Author

Updated SC_SIDECAR_ORDERER_TLS_MODE to mtls in the latest commit.

Contributor Author

Understood. Removing the --insecure flag now correctly triggers the use of the injected crypto material for all container components, ensuring the entire setup is consistent with the network's TLS settings.

Comment on lines +16 to +20
var ContainerCmd = []string{"run", "db", "orderer", "committer", "--insecure"}
var ContainerCmd = []string{"run", "db", "orderer", "committer"}
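Review bot: `ContainerCmd` is a package-level `var`, so whether `--insecure` is passed is fixed at package init and cannot follow the topology's `TLSEnabled` value; if the flag is meant to be conditional, as the later replies say it should be, build the argument slice where the container is started (a function that takes the topology) and keep the package variable only for the unconditional `run db orderer committer` part. Dropping the flag unconditionally is the safer default of the two, but it also changes what every component in the image expects, which the reviewer's comment below points out.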

Member

Note that by removing --insecure you enable mtls for every component in the committer image. See here https://github.com/hyperledger/fabric-x-committer/blob/main/docker/images/test_node/run#L12

However, I believe for our tests it is only relevant that the components that are exposed to FSC MUST enable TLS. All other communication between committer components can be insecure for our testing purpose.

If we remove --insecure, by default the built-in crypto material in the container is used to configure TLS; we need to carefully wire the things together; that is ... every component that is exposed to FSC needs to use crypto material we inject into the container; all other components can be either insecure - or use the built-in material (if that is possible).

WDYT?

Contributor Author

I've implemented conditional logic for the --insecure flag. It's now only added if TLS is disabled globally in the network topology. When TLSEnabled is true, we remove the flag to ensure all exposed components use the injected crypto material, aligning the sidecar with the rest of the FSC environment.

peerTLSDir := peerDockerTLSDir(e.network, scPeer)
ordererTLSCACert := path.Join("/", "root", "artifacts", "crypto", "ordererOrganizations", e.network.OrdererOrgs()[0].Domain, "orderers", fmt.Sprintf("%s.%s", e.network.Orderers[0].Name, e.network.OrdererOrgs()[0].Domain), "tls", "ca.crt")

containerEnvOverride := envVars[committerVersion](peerMSPDir, peerTLSDir, scMSPID, e.channel.Name, ordererEndpoint, e.network.TLSEnabled, ordererTLSCACert)
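Review bot: on the `ordererTLSCACert` line, `e.network.OrdererOrgs()[0]` and `e.network.Orderers[0]` are indexed without checking that the topology actually has an orderer org and an orderer, so a topology without one panics with an index-out-of-range instead of a readable error; guard the lengths (or resolve the orderer through whatever helper already yields `ordererEndpoint`) before building the path. Also, `peerTLSDir` and `peerMSPDir` hold the committer's material and sit next to `scMSPID` and `scPeer`; naming them `scTLSDir` and `scMSPDir` would stop the env-var wiring from reading as if peer credentials were being handed to the sidecar.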

Member

I know it was misleading already before, this is the chance we fix the bad naming. We should use scMSPID, scMSPDir, and scTLSDir as all belongs to the committer.

Contributor Author

Renamed peerMSPDir to scMSPDir and peerTLSDir to scTLSDir across the scv2 and v3 extensions to clarify that they belong to the sidecar committer. I've also updated the ContainerEnvVars signature accordingly. :D

Comment thread integration/nwo/fabricx/extensions/scv2/utils.go
@Rozerxshashank Rozerxshashank force-pushed the issue-1295-fabricx-tls branch 15 times, most recently from 3b7e431 to b7ac71f Compare April 25, 2026 00:38
@Rozerxshashank Rozerxshashank force-pushed the issue-1295-fabricx-tls branch 6 times, most recently from 20ffd05 to 5923cdd Compare April 26, 2026 17:51
@mbrandenburger

Member

I think I have a somewhat working fix. I will push it to your branch ok?

@mbrandenburger mbrandenburger left a comment

Member

still WIP

Rozerxshashank and others added 26 commits May 28, 2026 11:41
… tests

Signed-off-by: Shashank <yshashank959@gmail.com>
Signed-off-by: Marcus Brandenburger <bur@zurich.ibm.com>
Signed-off-by: Shashank <yshashank959@gmail.com>
Signed-off-by: Marcus Brandenburger <bur@zurich.ibm.com>
…ests"

This reverts commit a4ca9c0.

Signed-off-by: Marcus Brandenburger <bur@zurich.ibm.com>
Labels

Fabric-x NWO All about our testing infrastructure


Development

Successfully merging this pull request may close these issues.

fabric-x: enable TLS for committer-all-in-one test container
