
Preflight checks fail for Postgres after TLS is configured

Open xavpaice opened this issue 3 years ago • 0 comments

Problem to solve

Preflight checks for Postgres fail after TLS is enabled on the respective service. Currently, Preflight checks cannot be configured to utilize a CA bundle, certificate, or a private key to validate authentication.

Customer Impact

  • Increased support burden with support tickets related to the failed preflight checks.
  • Some customers refuse to upgrade to a later version due to preflight check failure.

Describe possible workarounds

  • Disable TLS for Postgres (not feasible)
  • Disable certificate checks entirely

Potential solution

Add collector options to the Postgres collectors:

  • require server authentication,
  • passing a custom CA bundle to deal with self-signed ones,
  • passing a certificate and a private key for client authentication purposes.

The Postgres connection is configured in the collector using the https://github.com/lib/pq driver, which, according to the docs, accepts the following in the connection string:

* sslcert - Cert file location. The file must contain PEM encoded data.
* sslkey - Key file location. The file must contain PEM encoded data.
* sslrootcert - The location of the root certificate file. The file
  must contain PEM encoded data.

Valid values for sslmode are:

* disable - No SSL
* require - Always SSL (skip verification)
* verify-ca - Always SSL (verify that the certificate presented by the
  server was signed by a trusted CA)
* verify-full - Always SSL (verify that the certification presented by
  the server was signed by a trusted CA and the server host name
  matches the one in the certificate)

xavpaice, Sep 28 '22 07:09
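
As an added example (not code from the troubleshoot project or from lib/pq), here is one way the three proposed collector options could map onto the lib/pq URL parameters quoted in the issue. The `TLSOptions` type, the `WithTLS` function, the host name and the file paths are hypothetical, and rejecting a client certificate without an explicit key is this example's own policy.

```go
package main

import (
	"fmt"
	"net/url"
)

// TLSOptions is a hypothetical option set modelled on the issue's proposal; not a troubleshoot API.
type TLSOptions struct {
	Mode              string // lib/pq sslmode: disable, require, verify-ca, verify-full
	RequireServerAuth bool   // refuse modes that do not verify the server certificate
	CABundle          string // PEM file path, passed as sslrootcert
	ClientCert        string // PEM file path, passed as sslcert
	ClientKey         string // PEM file path, passed as sslkey
}

// WithTLS returns uri with the lib/pq TLS query parameters set from o.
func WithTLS(uri string, o TLSOptions) (string, error) {
	u, err := url.Parse(uri)
	if err != nil {
		return "", fmt.Errorf("parse connection URI: %w", err)
	}
	switch o.Mode {
	case "verify-ca", "verify-full": // both check the server certificate against a CA
	case "disable", "require": // no TLS, or TLS without verification
		if o.RequireServerAuth {
			return "", fmt.Errorf("sslmode=%s does not verify the server certificate", o.Mode)
		}
	default:
		return "", fmt.Errorf("unknown sslmode %q", o.Mode)
	}
	if (o.ClientCert == "") != (o.ClientKey == "") {
		return "", fmt.Errorf("example policy: sslcert and sslkey must be set together")
	}
	q := u.Query()
	q.Set("sslmode", o.Mode) // overrides any sslmode already present in the URI
	for k, v := range map[string]string{"sslrootcert": o.CABundle, "sslcert": o.ClientCert, "sslkey": o.ClientKey} {
		if q.Del(k); v != "" { // drop a stale value, then set the new one if given
			q.Set(k, v)
		}
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	fmt.Println(WithTLS("postgres://app@db.example.internal:5432/app?sslmode=disable", // constructed sample
		TLSOptions{Mode: "verify-full", RequireServerAuth: true, CABundle: "/etc/pg/ca.pem"}))
}
```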