Profiles API should take custom TLS config into account

[hiddeco]

Providing further context on https://github.com/weaveworks/weave-gitops/pull/1148#pullrequestreview-821572298.

The current state of the PR constructs a ChartPathOption in pkg/helm/charts.go in which the username and password from the HelmRepository referenced Secret are consumed. While this may be sufficient for most simple configurations that are behind a basic auth, it will not work for remote repositories with e.g. a self-signed certificate (or other custom TLS requirements).

To solve this, the certificates if present should be extracted from the Secret to e.g. temporary files (example: https://github.com/fluxcd/source-controller/blob/main/internal/helm/getter/getter.go#L29), and these file paths should then be passed on to ChartPathOptions.

[bigkevmcd]

We should use the same approach as Flux has done in the URL linked to by @hiddeco

@hiddeco would you be open to a PR to move that from internal/ so it could be reused?

[hiddeco]

Happy to have that specific (sub)module moved somewhere where it's publicly available, but would like to keep all of the other Helm code hidden behind internal, as it is very specifically designed for the quirks we have to work around within the context of the source-controller (without having to serve or think of other dependants).

To not couple this code base to the whole controller, it might be best to move it into fluxcd/pkg[/helm?]. Which would allow us to publish it as a standalone module.

[Himangini]

We should use the same approach as Flux has done in the URL linked to by @hiddeco

@hiddeco would you be open to a PR to move that from internal/ so it could be reused?

@bigkevmcd @hiddeco is the PR to move code from internal a blocker for this ticket?