Conversation

@Odysseus1710 (Contributor)

Optional arguments added for client certificate & private key, which are used for the TLS configuration so we are able to support mutual / two-way TLS.

Also I added the possibility to build MBedTLS when added as a submodule to the project.

Tested against a mosquitto broker with self-signed certificates and MBedTLS v3.6.4

./MQTTc --server mqtts:/<some_broker>:8883 --serverder ca.der --clientder client.der --clientkey client.key --subscribe some/status --verbose

Dominik Brück added 2 commits July 9, 2025 13:54
build: adding MBedTLS v3.6.4 as submodule
feat: initialize tls with client cert / key if available (mTLS)
test: MQTTc to support client cert & key
@X-Ryl669 (Owner) left a comment


Thank you for your work. It's well written, only a few nitpick changes. I'll come back to you ASAP after trying to merge it in the esp-eMQTT5 repo to see if the changes in the CMakeLists.txt file don't break mbedtls there.

else()
message(WARNING "As of 06/28/2020, MBedTLS is not correctly CMake compatible and does not generate a mbedtls-config.cmake file. You'll need to apply the patch from my branch found in pull request #3465")
find_package(mbedtls CONFIG REQUIRED)
endif()
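Review bot: the package name in `find_package(mbedtls CONFIG REQUIRED)` is lowercase, and config-mode lookup searches for `mbedtlsConfig.cmake` or `mbedtls-config.cmake`, so on a case-sensitive filesystem it will not match an install that ships `MbedTLSConfig.cmake` (the file name the owner refers to later in this thread); use `find_package(MbedTLS CONFIG REQUIRED)` so that `MbedTLS_DIR` can point at that install. The dated text in the `message(WARNING ...)` ("As of 06/28/2020") also goes stale; describe the condition being checked (config file not generated) instead of a date.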
@X-Ryl669 (Owner)

I haven't checked if the issue was solved on the MBedTLS source code. It seems you're ignoring the mbedtls-config.cmake file and directly specify the libraries in the file. This will work for a direct compilation target but I'm not sure it'll work for cross compiling since the library might be elsewhere (and heavily patched, like in esp-idf's version or Zephyr). Usually, I'm porting this library to ESP32 (in the esp-eMQTT5 repo) and I'm using mbedTLS there. I'll try this port and see if it breaks or if it works.

@Odysseus1710 (Contributor, Author) Jul 10, 2025

I added the MBedTLS repo as a submodule so the dependencies are built from the sources directly and no packages are searched. But this can be left out here and addressed separately if wanted, since it has nothing to do with the mTLS feature directly and is just helpful if you don't want mbedtls as a system requirement.

git submodule add https://github.com/Mbed-TLS/mbedtls
cd mbedtls
git checkout mbedtls-3.6
git submodule update --init --recursive

In this version the header <mbedtls/certs.h> seems to be no longer available.

@X-Ryl669 X-Ryl669 self-assigned this Jul 15, 2025
@X-Ryl669 X-Ryl669 merged commit 3b6471b into X-Ryl669:master Jul 15, 2025
@X-Ryl669 (Owner)

Ok, I've merged your PR, thanks. It was not possible to embed MbedTLS as a submodule as it broke with our other platforms, so instead, I've reworked the code so you can build mbedtls the way you want, and install it. You can have any version of MbedTLS (heavily patched like ESP-IDF does or vanilla from Github) and it will work.

You'll need to specify the path to the MbedTLSConfig.cmake they install (as usual, it's likely in /usr/local/lib/cmake/MbedTLS) by default and the new build procedure should find it and figure out the actual libraries and include path to use.

Please let me know if it works ok for you this way.

@Odysseus1710 (Contributor, Author)

I tested it with building MbedTLS manually and installing it somewhere in my home directory (to not dump my system) and it works.

Quick how-to:

~/Projects/mbedtls$ cmake -B build -DCMAKE_INSTALL_PREFIX=./install
~/Projects/mbedtls$ cmake --build build/ -j4
~/Projects/mbedtls$ cmake --install build/
~/Projects/eMQTT5$ cmake -B build -DENABLE_TLS=ON -DMbedTLS_DIR=~/Projects/mbedtls/install/lib/cmake/MbedTLS

Thanks for cleaning this up
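The how-to above as a script, added here as an example and not code from the eMQTT5 or MbedTLS projects: it wraps the same build and install steps and, before configuring eMQTT5, checks that MbedTLSConfig.cmake actually exists under the prefix (looking in both lib and lib64, since some distributions install CMake package files under lib64; that is an assumption, not something the thread states). MBEDTLS_SRC and EMQTT5_SRC are assumed environment variables naming the two source trees.

```shell
#!/bin/sh
# Added example (not part of eMQTT5 or MbedTLS): build MbedTLS into an
# unprivileged prefix, then point eMQTT5's MbedTLS_DIR at it.
set -eu

# Resolve the directory CMake expects in MbedTLS_DIR: the one holding
# MbedTLSConfig.cmake. Upstream installs to <prefix>/lib/cmake/MbedTLS;
# lib64 is checked too (assumption: some distros use it).
mbedtls_cmake_dir() {
    prefix=$1
    for libdir in lib lib64; do
        if [ -f "$prefix/$libdir/cmake/MbedTLS/MbedTLSConfig.cmake" ]; then
            printf '%s\n' "$prefix/$libdir/cmake/MbedTLS"
            return 0
        fi
    done
    return 1
}

# Build and install MbedTLS from a source checkout into $prefix.
build_mbedtls() {
    src=$1; prefix=$2
    cmake -S "$src" -B "$src/build" -DCMAKE_INSTALL_PREFIX="$prefix"
    cmake --build "$src/build" -j4
    cmake --install "$src/build"
}

# Configure eMQTT5 with TLS against the MbedTLS installed under $prefix,
# failing early with a clear message if the config file is missing.
configure_emqtt5() {
    src=$1; prefix=$2
    dir=$(mbedtls_cmake_dir "$prefix") || {
        echo "no MbedTLSConfig.cmake found under $prefix" >&2
        return 1
    }
    cmake -S "$src" -B "$src/build" -DENABLE_TLS=ON -DMbedTLS_DIR="$dir"
}

# Run the full procedure only when both source trees are given.
if [ -n "${MBEDTLS_SRC:-}" ] && [ -n "${EMQTT5_SRC:-}" ]; then
    build_mbedtls "$MBEDTLS_SRC" "$MBEDTLS_SRC/install"
    configure_emqtt5 "$EMQTT5_SRC" "$MBEDTLS_SRC/install"
fi
```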
