feat(NODE-4179): allow secureContext in KMS TLS options

[durran]

Description

Allows users to pass a secureContext option to the TLS options in client encryption and auto encryption.

What is changing?

• Allows a secureContext option to the tlsOptions:<provider> option in autoEncryption options on the MongoClient or the options for ClientEncryption.
• Adds tests that ensure a secureContext option takes precedence over the driver tls* options, that the tls* options aren't attempted to be read from the file, and that it works end-to-end.

Is there new documentation needed for these changes?

Yes, update the MongoDB manual to show the precedence of the options.

What is the motivation for this change?

NODE-4179

Release Highlight

Allow a secureContext for Auto Encryption and Client Encryption TLS options

This can be provided in the tlsOptions option both both objects.

import * as tls from 'tls';
import { ClientEncryption, MongoClient } from 'mongodb';

const caFile = await fs.readFile(process.env.CSFLE_TLS_CA_FILE);
const certFile = await fs.readFile(process.env.CSFLE_TLS_CLIENT_CERT_FILE);
const secureContextOptions = {
  ca: caFile,
  key: certFile,
  cert: certFile
};
const options = {
  keyVaultNamespace: 'db.coll',
  kmsProviders: {
    aws: {}
    }
  },
  tlsOptions: {
    aws: {
      secureContext: tls.createSecureContext(secureContextOptions),
    }
  }
};

const client = this.configuration.newClient({}, { autoEncryption: { ...options, schemaMap } });
const clientEncryption = new ClientEncryption(client, options);

Double check the following

• Ran npm run check:lint script
• Self-review completed using the steps outlined here
• PR title follows the correct format: type(NODE-xxxx)[!]: description
  • Example: feat(NODE-1234)!: rewriting everything in coffeescript
• Changes are covered by tests
• New TODOs have a related JIRA ticket