Use mTLS client cert auth for promtail->loki communication

[arturrez]

currently loki is exposed to 0.0.0.0 via HTTP we should move it to HTTPs we should use TLS client cert similar to https://community.grafana.com/t/client-certificate-authentication-between-promtail-and-loki/78431 to protect LOKI endoint from public access. Grafana should be configured to continue using http port with no auth as traffic there is local