[log] debug: add intermediate logging to GenerateSelfSignedTLS in proxy/tls.go (#3154)

## Summary

Adds 3 debug log calls to `GenerateSelfSignedTLS` in
`internal/proxy/tls.go` using the existing `logTLS` logger
(`logger.New("proxy:tls")`).

## Changes

The function already logged at entry and completion. This PR adds
intermediate checkpoints:

| Step | New Log Call |
|------|-------------|
| CA cert created | `logTLS.Printf("CA certificate created: serial=%s,
notBefore=%s, notAfter=%s", ...)` |
| Server cert created | `logTLS.Printf("server certificate created:
dnsNames=%v, ipAddresses=%v", ...)` |
| PEM files written | `logTLS.Printf("TLS certificate files written:
caCert=%s, cert=%s, key=%s", ...)` |
| Key pair loaded | `logTLS.Print("TLS key pair loaded successfully")` |

## Why This Helps

`GenerateSelfSignedTLS` performs several distinct operations (key
generation, cert signing, file I/O, key-pair loading) where any step can
fail independently. Without intermediate logging, a failure at "failed
to load server cert pair" gives no indication whether the issue is in
the key generation, cert creation, or file writing phases. The new logs
pinpoint exactly how far the function progressed before failing.

## Logging Guidelines Followed

- Reuses existing `logTLS` logger — no duplicate declaration
- `Printf` used for structured data (serial, SANs, file paths)
- `Print` used for simple state confirmations
- No side effects in logger arguments
- All values are already computed before the log call
- 6 total log calls (3 existing + 3 new) — within the 3–7 recommended
range

## Files Changed

- `internal/proxy/tls.go` — 5 lines added (3 log calls + 1 newline
separation)




> Generated by [Go Logger
Enhancement](https://github.com/github/gh-aw-mcpg/actions/runs/23971566678/agentic_workflow)
·
[◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw-mcpg+%22gh-aw-workflow-id%3A+go-logger%22&type=pullrequests)

<!-- gh-aw-agentic-workflow: Go Logger Enhancement, engine: copilot,
model: auto, id: 23971566678, workflow_id: go-logger, run:
https://github.com/github/gh-aw-mcpg/actions/runs/23971566678 -->

<!-- gh-aw-workflow-id: go-logger -->

Author: lpcox

internal/proxy/tls.go

@@ -98,6 +98,8 @@ func GenerateSelfSignedTLS(dir string) (*TLSConfig, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse CA certificate: %w", err)
 	}
+	logTLS.Printf("CA certificate created: serial=%s, notBefore=%s, notAfter=%s",
+		caSerial.String(), notBefore.Format(time.RFC3339), notAfter.Format(time.RFC3339))
 
 	// --- Generate server certificate ---
 	serverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
@@ -128,6 +130,7 @@ func GenerateSelfSignedTLS(dir string) (*TLSConfig, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to create server certificate: %w", err)
 	}
+	logTLS.Printf("server certificate created: dnsNames=%v, ipAddresses=%v", serverTemplate.DNSNames, serverTemplate.IPAddresses)
 
 	// --- Write files ---
 	caCertPath := filepath.Join(dir, "ca.crt")
@@ -148,12 +151,14 @@ func GenerateSelfSignedTLS(dir string) (*TLSConfig, error) {
 	if err := writePEM(keyPath, "EC PRIVATE KEY", serverKeyDER, 0600); err != nil {
 		return nil, fmt.Errorf("failed to write server key: %w", err)
 	}
+	logTLS.Printf("TLS certificate files written: caCert=%s, cert=%s, key=%s", caCertPath, certPath, keyPath)
 
 	// --- Build tls.Config ---
 	serverCertPair, err := tls.LoadX509KeyPair(certPath, keyPath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to load server cert pair: %w", err)
 	}
+	logTLS.Print("TLS key pair loaded successfully")
 
 	tlsCfg := &tls.Config{
 		Certificates: []tls.Certificate{serverCertPair},