feat: Add TLS to atuin-server (#1457)

* Add TLS to atuin-server

atuin as a project already includes most of the dependencies necessary
for server-side TLS.  This allows `atuin server start` to use a TLS
certificate when self-hosting in order to avoid the complication of
wrapping it in a TLS-aware proxy server.

Configuration is handled similar to the metrics server with its own
struct and currently accepts only the private key and certificate file
paths.

Starting a TLS server and a TCP server are divergent because the tests
need to bind to an arbitrary port to avoid collisions across tests.  The
API to accomplish this for a TLS server is much more verbose.

* Fix clippy, fmt

* Add TLS section to self-hosting

1 files changed, 11 insertions, 0 deletions

diff --git a/docs/docs/self-hosting/self-hosting.md b/docs/docs/self-hosting/self-hosting.md
index 8379f43f8..621b00f37 100644
--- a/docs/docs/self-hosting/self-hosting.md
+++ b/docs/docs/self-hosting/self-hosting.md
@@ -39,3 +39,14 @@ ATUIN_DB_URI="postgres://user:password@hostname/database"
 | `db_uri`            | A valid PostgreSQL URI, for saving history (default: false)                   |
 | `path`              | A path to prepend to all routes of the server (default: false)                |
 
+### TLS
+
+The server supports TLS through the `[tls]` section:
+
+```toml
+[tls]
+enabled = true
+cert_path = "/path/to/letsencrypt/live/fully.qualified.domain/fullchain.pem"
+pkey_path = "/path/to/letsencrypt/live/fully.qualified.domain/privkey.pem"
+```
+