fix(security): remove InsecureSkipVerify from metrics client (TLS-1) (#3982)

* fix(security): remove InsecureSkipVerify from metrics client (TLS-1)

Replace the unconditional InsecureSkipVerify: true TLS config in
newHTTPMetricsClient with the system cert pool (+ TLS 1.2 minimum).

Add an optional CACert field to MetricsConfig and to the exporter
ServerConfig so operators running zot with a self-signed or private
CA can point the exporter at the correct CA file instead of
disabling certificate verification entirely.

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* feat(metrics): add HTTPS configuration for metrics exporter

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(security): enhance CA certificate handling in metrics client and add tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(security): improve CA certificate error handling in metrics client and update tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(tests): correct package name in minimal_client_test.go and simplify error declaration

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix(tests): update package name in minimal_client_test.go for consistency

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Ramkumar Chinchani
2026-04-18 22:57:24 -07:00
committed by GitHub
parent bfc59ad120
commit b47b643e05
5 changed files with 276 additions and 7 deletions
@@ -0,0 +1,18 @@
{
"Server": {
"protocol": "https",
"host": "127.0.0.1",
"port": "8443",
"cacert": "test/data/ca.crt"
},
"Exporter": {
"port": "8081",
"log": {
"level": "info",
"output": "/tmp/zot_exporter.log"
},
"metrics": {
"path": "/mymetrics"
}
}
}
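Review bot: "cacert": "test/data/ca.crt" is a relative path, so it resolves against the working directory of the exporter process rather than the directory that holds this config file; for a test fixture that only works when the tests run from the repository root, so either state that assumption next to the fixture or resolve the path relative to the config file at load time. The rest of the "Server" block is coherent: "protocol": "https" together with "cacert" exercises the new verify-against-operator-CA path that replaces InsecureSkipVerify; since the message says CACert is optional, a second sample with "protocol": "https" and no "cacert" (system roots only) would cover the other branch.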