MDEV-25418 rsync SST does not work with stunnel encryption

1. Fix eval command line to correctly pass stunnel option to rsync on donor.
2. Deprecate `tkey`, `tcert` and `tca` options in [sst] section in favor of
   conventional `ssl-key`, `ssl-cert` and `ssl-ca`, but keep their precedence
   for backward compatibility.
3. Default to require SSL encryption if at least SSL key and cert files are
   specified in configuration, either in [sst] or [mysqld] sections.
4. Enable `verify*` option for stunnel on donor only if
   a. CA file is specified somewhere in the configuration
   b. it is explicitly requested in [sst] section by either specifying
   ssl-mode or CA file there. In this case if ssl-mode is not explicitly
   given, it defaults to VERIFY_CA.

   ssl-mode maps to stunnel options as follows:
   VERIFY_CA       -> verifyChain = yes
   VERIFY_IDENTITY -> verifyPeer = yes

   Example to require donor to verify joiner identity:
```
[mysqld]
ssl-cert=/path/to/cert
ssl-key=/path/to/key
ssl-ca=/path/to/ca

[sst]
ssl-mode=VERIFY_IDENTITY
```
5. If SSL verification is requested, joiner verifies donor by checking the
   secret passed to donor via SST request.
Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>

mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.cnf

+!include ../galera_2nodes.cnf
+
+[mysqld]
+wsrep_sst_method=rsync
+
+[sst]
+tkey=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem
+tcert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem
+
+[mysqld.1]
+wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore_sb=true'
+
+[mysqld.2]
+wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true'
+

mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key.test

+--source include/big_test.inc
+--source include/galera_cluster.inc
+--source include/have_debug.inc
+
+# Save original auto_increment_offset values.
+--let $node_1=node_1
+--let $node_2=node_2
+--source include/auto_increment_offset_save.inc
+
+--connection node_2
+CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory");
+
+--connection node_1
+--source suite/galera/include/galera_st_shutdown_slave.inc
+--source suite/galera/include/galera_st_clean_slave.inc
+
+--source suite/galera/include/galera_st_kill_slave.inc
+--source suite/galera/include/galera_st_kill_slave_ddl.inc
+
+# Confirm that transfer was SSL-encrypted
+--let $assert_text = Using stunnel for SSL encryption
+--let $assert_select = Using stunnel for SSL encryption
+--let $assert_count = 5
+--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err
+--let $assert_only_after = CURRENT_TEST
+--source include/assert_grep.inc
+
+--source include/auto_increment_offset_restore.inc

mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.cnf

+!include ../galera_2nodes.cnf
+
+[mysqld]
+wsrep_sst_method=rsync
+ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/client-cert.pem
+ssl-key=@ENV.MYSQL_TEST_DIR/std_data/client-key.pem
+ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem
+
+[sst]
+ssl-mode=VERIFY_CA
+
+[mysqld.1]
+wsrep_provider_options='base_port=@mysqld.1.#galera_port;gcache.size=1;pc.ignore_sb=true'
+
+[mysqld.2]
+wsrep_provider_options='base_port=@mysqld.2.#galera_port;gcache.size=1;pc.ignore_sb=true'
+

mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_server.test

+--source include/big_test.inc
+--source include/galera_cluster.inc
+--source include/have_debug.inc
+
+# Save original auto_increment_offset values.
+--let $node_1=node_1
+--let $node_2=node_2
+--source include/auto_increment_offset_save.inc
+
+--connection node_2
+CALL mtr.add_suppression("\\[ERROR\\] .*ib_buffer_pool' for reading: No such file or directory");
+
+--connection node_1
+--source suite/galera/include/galera_st_shutdown_slave.inc
+--source suite/galera/include/galera_st_clean_slave.inc
+
+--source suite/galera/include/galera_st_kill_slave.inc
+--source suite/galera/include/galera_st_kill_slave_ddl.inc
+
+# Confirm that transfer was SSL-encrypted
+--let $assert_text = Using stunnel for SSL encryption
+--let $assert_select = Using stunnel for SSL encryption
+--let $assert_count = 5
+--let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err
+--let $assert_only_after = CURRENT_TEST
+--source include/assert_grep.inc
+
+--source include/auto_increment_offset_restore.inc