TCK keystores use unsupported algorithm

[jacobwdv]

Keystores kept here: https://github.com/microprofile/microprofile-rest-client/tree/main/tck/src/main/resources/ssl

Can not be read using security providers that don't support the old PBE algorithm. Using a new openSSL client you can see more detail:

# openssl pkcs12 -info -in client.keystore  -noout -passin pass:"<password>"                               
MAC: sha1, Iteration 100000
MAC length: 20, salt length: 20
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 50000
Error outputting keys and certificates
005FD40D02000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

A suggested fix would be to use a modern keytool to import and export the keystore so that it uses the latest supported keystore algorithms.

keytool -importkeystore -srckeystore "$keystore_name" -destkeystore "$keystore_name"  -srcstorepass "$keystore_password" -deststorepass "$keystore_password"

[jamezp]

We should likely allowed these to just be overridden. There should be instructions on how to create them which would allow for things like the keytool-maven-plugin to be used so that runners can create their own certs. We could fallback to these, but IMO we should prefer runners creating their own certs to avoid things like expired certs.

[meiaus2024]

fyi - FAT test failure triage box note: https://ibm.box.com/s/l14tdsf361yvh3ho9knal392f1wgfyln