feat: support mTLS and anonymous aliases

[overtrue]

Summary

• Add rc alias set --anonymous so aliases can be created without SigV4 credentials, and skip signing for custom XML/admin HTTP requests when anonymous mode is enabled.
• Add --client-cert / --client-key alias options and wire the PEM client identity into the reqwest clients used for S3 XML and admin requests.
• Surface auth_mode and mtls in alias JSON output and long human output, with validation/tests for anonymous credentials and partial client identity inputs.

Closes #209

Validation

• cargo test -p rustfs-cli --test help_contract -- --nocapture
• cargo test -p rustfs-cli --test error_contract -- --nocapture
• cargo test -p rustfs-cli alias -- --nocapture
• cargo test -p rc-s3 test_admin_client_invalid_ca_bundle_path_surfaces_error -- --nocapture
• Attempted cargo test --workspace -j1; local macOS run was terminated with SIGTERM while running the existing client::tests::delete_bucket_cors_missing_configuration_is_successful after the earlier suites passed.

BREAKING CHANGES

This change adds new alias configuration behavior and fields for auth_mode and mtls compatibility.

[Copilot]

Pull request overview

This PR adds new alias capabilities to the CLI and S3/admin clients: (1) configuring aliases that intentionally perform unsigned (anonymous) requests, and (2) configuring mTLS client identity (client cert/key) for endpoints that require mutual TLS. It also updates CLI output and contract tests to surface and validate these new alias properties.

Changes:

• Extend alias configuration to include anonymous, client_cert, and client_key, and validate these combinations in rc alias set.
• Wire mTLS identity into the reqwest clients used by S3 XML requests and admin API requests, and skip SigV4 signing when anonymous is enabled.
• Extend alias list output (JSON + long human output) and update CLI contract tests accordingly.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
crates/s3/src/client.rs	Adds mTLS support to reqwest client construction and skips XML SigV4 signing when anonymous; updates SDK config handling and tests.
crates/s3/src/admin.rs	Adds mTLS identity support for admin client and skips SigV4 signing when anonymous.
crates/core/src/config.rs	Updates config test fixtures to include new alias fields.
crates/core/src/alias.rs	Adds anonymous, client_cert, client_key fields to the alias model with serde defaults.
crates/cli/src/commands/alias.rs	Adds --anonymous, --client-cert, --client-key flags; makes credentials positional args optional; surfaces auth/mTLS state in list output.
crates/cli/tests/help_contract.rs	Updates help contract expectations for the new alias set usage/flags.
crates/cli/tests/error_contract.rs	Adds contract tests for anonymous aliases and client identity validation.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.