Only check validity of certs in the chain of the node certificates

[cwperks]

Description

This PR updates the certificate validation checks on bootup to limit validation to only the certificates within the chain of the node certificates. In 2.18.0 there was a change that validated all certificates contained in a bundle even if they were not part of the chain from the node certificates. Since those certs are not pertinent to OpenSearch, the validation does not need to occur.

Opening this in Draft as POC to start soliciting some feedback. Automated tests need to be added for different scenarios.

• Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bug fix

Issues Resolved

Related issue: #4949

See discussion on forum: https://forum.opensearch.org/t/is-this-an-issue-with-opensearch-or-the-security-plugin-upgrading-from-2-17-1-to-2-18-0/22395

Check List

• New functionality includes testing
• New functionality has been documented
• New Roles/Permissions have a corresponding security dashboards plugin PR
• API changes companion pull request created
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Attention: Patch coverage is 63.63636% with 20 lines in your changes missing coverage. Please review.

Project coverage is 71.62%. Comparing base (00ea10a) to head (ea515c8).
Report is 5 commits behind head on main.

Files with missing lines	Patch %	Lines
.../opensearch/security/ssl/config/KeyStoreUtils.java	46.87%	14 Missing and 3 partials ⚠️
.../org/opensearch/security/ssl/SslConfiguration.java	81.25%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4979      +/-   ##
==========================================
- Coverage   71.71%   71.62%   -0.09%     
==========================================
  Files         337      337              
  Lines       22783    22823      +40     
  Branches     3604     3613       +9     
==========================================
+ Hits        16338    16348      +10     
- Misses       4642     4671      +29     
- Partials     1803     1804       +1     

Files with missing lines	Coverage Δ
...rch/security/ssl/config/KeyStoreConfiguration.java	67.53% <100.00%> (+2.74%)	⬆️
...h/security/ssl/config/TrustStoreConfiguration.java	63.15% <100.00%> (ø)
.../org/opensearch/security/ssl/SslConfiguration.java	77.19% <81.25%> (-1.66%)	⬇️
.../opensearch/security/ssl/config/KeyStoreUtils.java	53.09% <46.87%> (-3.23%)	⬇️

... and 10 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.