[receiver/tlscheckreceiver] allow scraping all certs

[sigmaris]

Description

This allows scraping all certificates in a PEM bundle, or all certificates returned by an endpoint, rather than just the leaf certificate. It can be useful to monitor which certificates are used in a bundle, or monitor when intermediate or CA certificates are due to expire.

Our use case for this is monitoring our private CA rotation process. We have a private CA with a relatively short-lived CA certificate, and rotate the CA cert by rolling out the new cert in a PEM bundle of trusted CAs, alongside the old CA cert. While the CA rotation is in progress, the PEM bundle contains both CA certificates, and servers using it will trust both CAs. It's therefore useful for us to be able to monitor all certificates in a PEM bundle, to confirm all servers have both CA certs in their file, and to monitor if any servers are still using an old CA cert which expires soon.

Link to tracking issue

This PR #45615

Testing

scraper_test.go tests scraping 2 certs in a file, I've also tested this in a real pipeline feeding to our internal Prometheus which produces the expected datapoints for a CA bundle with two different certificates in.

Documentation

Documentation of this option and an example has been added to the README.

[linux-foundation-easycla]

• ❌ - login: @sigmaris / name: Hugh Cole-Baker . The commit (1c37ad1) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.

[github-actions]

Welcome, contributor! Thank you for your contribution to opentelemetry-collector-contrib.

Important reminders:

• Please review our Contributing Guidelines.
• Don't forget to sign the Contributor License Agreement (CLA) if you haven't already.

A maintainer will review your pull request soon. Thank you for helping make OpenTelemetry better!