Audit TLS things

[davidsbond]

Right now, TLS should work between clients and between raft members with mutual TLS and SPIFFE identities.

Ideally, this should be reviewed over by someone with more knowledge than me on the subject to make sure everything is above board and correct. Then documentation around creating a secure deployment should be made.

If the helm chart already exists from #82 it should also be updated to support all the TLS goodness, preferably with cert manager's CSI driver which seems ideal for this use-case.