
Add Postgresql sslrootcert option #439

Open: wants to merge 2 commits into base branch develop
Conversation

joachimBurket (Contributor) commented Dec 10, 2024

The sslrootcert parameter specifies the name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities (in the case of an SSL connection to the PostgreSQL DB).

See the option in the documentation here: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-SSLROOTCERT

Resolves #417

LeoColomb (Member) commented Dec 10, 2024

Thanks for submitting this pull request, @joachimBurket.
I'd like to suggest another approach.
I think it would be more future-proof and more flexible for other engines to render the values directly under a new .Values.externalDatabase.options.

It would be something like that:

      OPTIONS: {{- include "common.tplvalues.render" (dict "value" .Values.externalDatabase.options "context" $) | nindent 8 }}

What do you think?
That would help to cover the bunch of potential parameters: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
/cc @RangerRick

RangerRick (Contributor) commented
@LeoColomb yeah, I like this; should be pretty easy to implement and avoids a TON of boilerplate on the user's part

RangerRick (Contributor) commented
and allows you to decide how to set sslmode, whether you want to set up client certificates as well, etc.

Comment on lines 30 to 35

      OPTIONS:
        sslmode: {{ .Values.externalDatabase.sslMode | quote }}
        {{- if .Values.externalDatabase.sslRootCert }}
        sslrootcert: {{ .Values.externalDatabase.sslRootCert | quote }}
        {{- end}}
        target_session_attrs: {{ .Values.externalDatabase.targetSessionAttrs | default "read-write" | quote }}

Member

Suggested change

-      OPTIONS:
-        sslmode: {{ .Values.externalDatabase.sslMode | quote }}
-        {{- if .Values.externalDatabase.sslRootCert }}
-        sslrootcert: {{ .Values.externalDatabase.sslRootCert | quote }}
-        {{- end}}
-        target_session_attrs: {{ .Values.externalDatabase.targetSessionAttrs | default "read-write" | quote }}
+      OPTIONS: {{- include "common.tplvalues.render" (dict "value" .Values.externalDatabase.options "context" $) | nindent 8 }}
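Review bot: the replacement line silently drops the three existing keys (`sslMode`, `sslRootCert`, `targetSessionAttrs`), so a deployment that already sets `externalDatabase.sslMode` or `externalDatabase.sslRootCert` would render an `OPTIONS` block without any TLS settings after upgrading; consider keeping a compatibility mapping for the old keys for one release, or failing the render with Helm's `fail` function when they are still set, so the loss of certificate verification is noticed rather than discovered at connection time. The `{{-` chomp plus `nindent 8` does produce a correctly nested mapping under the 6-space `OPTIONS:` key, and an empty `options` renders as `{}`, which is still valid YAML.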

Comment on lines 1030 to 1034

  sslMode: prefer
  sslRootCert: ""
  connMaxAge: 300
  disableServerSideCursors: false
  targetSessionAttrs: read-write

Member

Suggested change

-  sslMode: prefer
-  sslRootCert: ""
-  connMaxAge: 300
-  disableServerSideCursors: false
-  targetSessionAttrs: read-write
+  connMaxAge: 300
+  disableServerSideCursors: false
+  ## @param externalDatabase.options Additional PostgreSQL client parameters
+  ## Ref: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS
+  ##
+  options:
+    sslmode: "prefer"
+    target_session_attrs: "read-write"
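Review bot: the default `sslmode: "prefer"` carried over here keeps the previous behaviour, but as the PR description notes the CA file only buys anything when the client actually verifies the server certificate, and `prefer` neither verifies the chain nor refuses a cleartext fallback; the `@param` comment should therefore say that users supplying `sslrootcert` under `options` also need `sslmode: verify-full` (or at least `verify-ca`) for the CA file to be enforced. The comment also calls the map "Additional" parameters while it now carries the two previously mandatory defaults; stating that user-supplied keys are merged with these defaults would avoid surprises.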

Comment on lines 211 to 215

| `externalDatabase.sslMode` | PostgreSQL client SSL Mode setting | `prefer` |
| `externalDatabase.sslRootCert` | PostgreSQL client SSL Root Certificate setting | `""` |
| `externalDatabase.connMaxAge` | The lifetime of a database connection, as an integer of seconds | `300` |
| `externalDatabase.disableServerSideCursors` | Disable the use of server-side cursors transaction pooling | `false` |
| `externalDatabase.targetSessionAttrs` | Determines whether the session must have certain properties | `read-write` |

Member

Suggested change

-| `externalDatabase.sslMode` | PostgreSQL client SSL Mode setting | `prefer` |
-| `externalDatabase.sslRootCert` | PostgreSQL client SSL Root Certificate setting | `""` |
-| `externalDatabase.connMaxAge` | The lifetime of a database connection, as an integer of seconds | `300` |
-| `externalDatabase.disableServerSideCursors` | Disable the use of server-side cursors transaction pooling | `false` |
-| `externalDatabase.targetSessionAttrs` | Determines whether the session must have certain properties | `read-write` |
+| `externalDatabase.connMaxAge` | The lifetime of a database connection, as an integer of seconds | `300` |
+| `externalDatabase.disableServerSideCursors` | Disable the use of server-side cursors transaction pooling | `false` |
+| `externalDatabase.options` | Additional PostgreSQL client parameters | `{}` |
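Review bot: the Default column for `externalDatabase.options` reads `{}`, but the values.yaml suggestion in this same review seeds the map with `sslmode: "prefer"` and `target_session_attrs: "read-write"`; the two should agree, otherwise a README generated from the `@param` annotations will disagree with the hand-edited table, and readers will not learn that a default TLS mode is applied even when they set nothing.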

kamal-shaker commented Dec 11, 2024

FYI: We are currently using these options:

    'OPTIONS': {
        'sslmode': 'require',
        'sslcert': '/etc/ssl/certs/netbox/cloudsql/dev/cert.crt',
        'sslkey': '/etc/ssl/certs/netbox/cloudsql/dev/key.crt',
        'sslrootcert': '/etc/ssl/certs/netbox/cloudsql/dev/ca_cert.crt',
    }

So in the options parameter, we'd do something like?

    - options:
        sslmode: require
        sslcert: /etc/ssl/certs/netbox/cloudsql/dev/cert.crt
        sslkey: /etc/ssl/certs/netbox/cloudsql/dev/key.crt
        sslrootcert: /etc/ssl/certs/netbox/cloudsql/dev/ca_cert.crt
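The free-form `externalDatabase.options` map proposed by LeoColomb above ends up, as kamal-shaker's snippet shows, as the `OPTIONS` dict that NetBox's Django database backend hands to the PostgreSQL driver, so whatever a user puts there is passed through unchecked. The following Python is an added example written for this thread, not code from the netbox-chart project or from the PR: it approximates what the `nindent 8` rendering produces for a flat map and then audits the map the way a reviewer would before trusting it, flagging an `sslmode` that allows cleartext, an `sslrootcert` that is not backed by a verifying mode, a client certificate without its key, and connection keys the chart already sets elsewhere. The function names, the `RESERVED_KEYS` list, the rendering approximation and the sample paths are all assumptions made for the example.

```python
import json

# Constructed sample modelled on the options quoted in this thread;
# the paths are placeholders, not files from any real deployment.
SAMPLE_OPTIONS = {
    "sslmode": "require",
    "sslcert": "/etc/ssl/certs/netbox/client.crt",
    "sslkey": "/etc/ssl/certs/netbox/client.key",
    "sslrootcert": "/etc/ssl/certs/netbox/ca.crt",
}

# libpq sslmode values that refuse to fall back to a cleartext connection ...
ENCRYPTED_MODES = {"require", "verify-ca", "verify-full"}
# ... and the subset that always verifies the server certificate chain.
VERIFYING_MODES = {"verify-ca", "verify-full"}
# Connection keys the chart wires from other values (assumed list for this
# example); repeating them under options would shadow or duplicate them.
RESERVED_KEYS = {"host", "port", "dbname", "user", "password"}


def render_yaml_block(options, indent=8):
    """Approximate the text that `common.tplvalues.render ... | nindent 8`
    yields for a flat mapping: one `key: "value"` line per entry, each
    prefixed by `indent` spaces.  Values are quoted so the driver always
    receives strings (a constructed approximation, not the chart's code)."""
    pad = " " * indent
    if not options:
        return pad + "{}"
    lines = []
    for key, value in options.items():
        text = value if isinstance(value, str) else json.dumps(value)
        lines.append(f"{pad}{key}: {json.dumps(text)}")
    return "\n".join(lines)


def audit_options(options):
    """Return a list of human-readable findings; an empty list means the
    map contains nothing this check objects to."""
    findings = []
    # libpq defaults to "prefer" when sslmode is absent.
    mode = str(options.get("sslmode", "prefer"))
    if mode not in ENCRYPTED_MODES:
        findings.append(f"sslmode={mode!r} allows an unencrypted connection")
    if "sslrootcert" in options and mode not in VERIFYING_MODES:
        findings.append(
            f"sslrootcert is set but sslmode={mode!r} does not require chain "
            "and host name verification; use verify-full"
        )
    if mode in VERIFYING_MODES and "sslrootcert" not in options:
        findings.append(
            f"sslmode={mode!r} without sslrootcert relies on libpq's default "
            "~/.postgresql/root.crt, which is usually absent in a container"
        )
    if ("sslcert" in options) != ("sslkey" in options):
        findings.append("sslcert and sslkey must be given together")
    for key in sorted(RESERVED_KEYS & options.keys()):
        findings.append(
            f"{key!r} is set by the chart from other values; do not repeat it under options"
        )
    return findings


if __name__ == "__main__":
    print(render_yaml_block(SAMPLE_OPTIONS))
    for finding in audit_options(SAMPLE_OPTIONS):
        print("finding:", finding)
```

Run against the sample above, the audit reports a single finding: `require` encrypts the session but does not check that the server name matches the certificate, so the CA file alone does not protect against a redirected connection; switching the sample to `verify-full` clears it. The same check run over an empty map reports only the cleartext fallback, which is exactly the case the suggested `sslmode: "prefer"` default leaves users in.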

Successfully merging this pull request may close these issues.

Support Postgresql sslrootcert option
4 participants