
Multiple CN support for TLS connections

Open Tema opened this issue 3 years ago • 2 comments

Bug Report

I want to use different CNs for clients and TiKV nodes, but pd-server fails to start up if I specify more than one. I don't use the TiDB layer, and my clients run on a completely separate fleet and use completely separate certificates, so it just does not make sense to have the same CN.

What did you do?

Specify multiple values under:

[security]
## A CN which must be provided by a client
cert-allowed-cn = ["TiKV", "Client"]

as PD config accepts multiple values under security.cert-allowed-cn: https://github.com/tikv/pd/blob/af174e6401299e0d2ac8ef72a5f4beb48be535e2/conf/config.toml#L34-L35

What did you expect to see?

pd-server starts up and a client with a different CN can connect to it.

What did you see instead?

pd-server fails to start up due to this check: https://github.com/tikv/pd/blob/b4c1804adbec8fe3077a0f4c29a4f6495832724c/pkg/grpcutil/grpcutil.go#L93-L103.

What version of PD are you using (pd-server -V)?

5.4, but the latest master has the same issue.

Tema avatar Jun 08 '22 22:06 Tema
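The behaviour the issue asks for, a multi-valued `cert-allowed-cn` enforced per connection, as an added Go example that is not PD's code and not taken from the linked PRs: the allow list is a set, the peer's leaf certificate CN is looked up in it, and the check is adapted to the `tls.Config.VerifyPeerCertificate` callback signature so it composes with the normal chain verification rather than replacing it. The names `CNAllowList`, `Accepts` and `selfSignedCert` are assumptions for this example; the certificates are minted in memory so the check can be run offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CNAllowList is the set of Common Names a TLS peer certificate may carry:
// the multi-valued form of security.cert-allowed-cn (hypothetical type name).
type CNAllowList map[string]struct{}

// NewCNAllowList builds the set from the configured slice, e.g.
// cert-allowed-cn = ["TiKV", "Client"]. An empty list means "no CN check".
func NewCNAllowList(cns []string) CNAllowList {
	set := make(CNAllowList, len(cns))
	for _, cn := range cns {
		set[cn] = struct{}{}
	}
	return set
}

// Check returns nil if the leaf certificate's CN is in the allow list (or the
// list is empty) and an error otherwise. Chain validity is still established
// by the TLS handshake; this only restricts *which* valid peers are accepted.
func (a CNAllowList) Check(leaf *x509.Certificate) error {
	if len(a) == 0 {
		return nil
	}
	if leaf == nil {
		return errors.New("no peer certificate presented")
	}
	if _, ok := a[leaf.Subject.CommonName]; ok {
		return nil
	}
	return fmt.Errorf("peer CN %q is not in cert-allowed-cn", leaf.Subject.CommonName)
}

// VerifyPeerCertificate matches the tls.Config.VerifyPeerCertificate
// signature so the allow list can be attached to a server or client config.
// rawCerts[0] is the peer's leaf certificate.
func (a CNAllowList) VerifyPeerCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return a.Check(nil)
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return err
	}
	return a.Check(leaf)
}

// selfSignedCert is a constructed helper: it mints a throwaway self-signed
// certificate with the given CN so the check can be exercised offline.
func selfSignedCert(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Accepts reports whether a peer presenting a certificate with peerCN would
// pass the configured allow list.
func Accepts(allowed []string, peerCN string) (bool, error) {
	cert, err := selfSignedCert(peerCN)
	if err != nil {
		return false, err
	}
	err = NewCNAllowList(allowed).VerifyPeerCertificate([][]byte{cert.Raw}, nil)
	return err == nil, nil
}

func main() {
	allowed := []string{"TiKV", "Client"}
	for _, cn := range []string{"TiKV", "Client", "Other"} {
		ok, err := Accepts(allowed, cn)
		fmt.Printf("CN %-7s allowed=%v err=%v\n", cn, ok, err)
	}
}
```

With `["TiKV", "Client"]` configured, peers presenting either CN pass and any other CN is rejected, which is exactly what lets TiKV nodes and external clients use separate certificates against one PD.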

/assign @nolouch

nolouch avatar Jun 09 '22 03:06 nolouch

  1. make etcd support multiple cn and wait etcd release
    • [x] https://github.com/etcd-io/etcd/pull/18015
    • [x] https://github.com/etcd-io/etcd/pull/18160
  2. update etcd to 3.5.15 in tidb-dashboard and pd
    • [x] https://github.com/pingcap/tidb-dashboard/pull/1709
    • [x] https://github.com/pingcap/tidb-dashboard/pull/1707
    • [x] https://github.com/tikv/pd/pull/8441
  3. support multiple cn in pd and update doc
    • [x] https://github.com/tikv/pd/pull/8518
    • [x] https://github.com/tikv/pd/pull/8518#issuecomment-2316732172
    • [ ] update doc

lhy1024 avatar Jul 30 '24 09:07 lhy1024