chore: unify tls provider

[seanaye]

Our workspace has been split on the tls provider backend between rustls and openssl.

This PR consolidates on rustls as the provider of choice because it simplifies the build process and does not require system dependencies.

This should effectively be a noop in terms of behaviour but its a small step in trimming our dep graph.

• replace openssl tls dependencies with rustls
• remove remaining openssl runtime artifacts

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2ad077de-5ce5-4c02-9483-8b0f1400549e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR executes a comprehensive TLS backend migration across the Rust workspace and container images. The root workspace Cargo.toml is updated to configure dependencies with explicit rustls features and add the document_cognition_service/load-test crate. The authentication_service transitions from OpenSSL to the rsa crate for key generation using PKCS#1/PKCS#8 PEM formats. Approximately 20 crates remove their direct openssl dependency, and roughly 18 crates switch redis from tokio-native-tls-comp to tokio-rustls-comp. Additional crates update async-stripe to use the rustls runtime variant, and opensearch is configured to explicitly use rustls-tls. Container images across 10 Dockerfiles drop openssl from their apt package lists, retaining ca-certificates for SSL/TLS validation. Stale cargo-machete and deny.toml entries are cleaned up, and unused build dependencies are removed.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore: unify tls provider' follows conventional commits format and clearly summarizes the main objective of consolidating TLS providers to rustls.
Description check	✅ Passed	The description is directly related to the changeset, explaining the motivation to consolidate on rustls and providing specific examples of changes made throughout the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}