Make ring an optional dependency in pingora-rustls

[mattgarmon]

Make ring optional in pingora-rustls

Alternative to #630.

Summary

pingora-rustls unconditionally depends on ring and activates rustls/ring, which prevents consumers from using a different CryptoProvider (e.g. aws-lc-rs for FIPS builds).

This PR makes ring an optional, default-on feature and adds a rustls-no-ring feature across the crate stack. No new dependencies. Fully backward compatible, and rustls continues to include ring.

This follows the approach suggested by @53v3n3d4 in #630, extended across the full crate stack so consumers can use it without patching pingora-core.

Consumers who bring their own provider:

pingora-core = { version = "0.8", features = ["rustls-no-ring"] }
# install your own CryptoProvider before TLS use

[53v3n3d4]

Hi Matt,

The approach is more like I see in other crates and also pingora, only a generic rustls feature. Than user choose, in this case, 2 options: ring or aws lc rs.

Here is how I am using

aws-lc-rs = { version = "1.15.1", default-features = false, features = ["fips"] }
pingora-core = { path = "../../../pingora/pingora-core", features = ["rustls"] }
pingora-proxy = { path = "../../../pingora/pingora-proxy", features = ["rustls"] }
pingora-rustls = { path = "../../../pingora/pingora-rustls", features = ["aws-lc-rs"] }

Than I have no ring in my tree and all use fips. The only changed from #630 is

# pingora-rustls/Cargo.toml

[features]
ring = ["rustls/ring", "dep:ring"]
aws-lc-rs = ["rustls/aws-lc-rs", "dep:aws-lc-rs"]

All other crates can keep the rustls feature as it is

pingora-rustls = { version = "0.8.0", path = "../pingora-rustls", optional = true }