ZOOKEEPER-4992: Avoid overriding same-subject certs in PEM trust store

[tsaarni]

When a PEM bundle is loaded as a trust store, each certificate is added to an in-memory KeyStore.
Previously, the certificate’s subject name was used as the alias, which caused entries to be overwritten when multiple certificates shared the same subject name.

This change assigns a unique alias to each certificate, ensuring that all certificates from the PEM bundle are preserved in the trust store.

Certificates valid at the same time can share the same subject name, for example CA certificate might be reissued with another key type.

https://issues.apache.org/jira/projects/ZOOKEEPER/issues/ZOOKEEPER-4992

[tsaarni]

One of the CI tests failed, but I think it might just be a flake. @kezhuw, could you please re-run the test?

[tsaarni]

When you have a chance, could someone review this PR? Thanks!

[anmolnar]

I'm fine with the patch overall, but I have a small suggestion.

[anmolnar]

Shall we check the name already exists first and add the suffix only when it's necessary?

[tsaarni]

@anmolnar Yes, that's a good idea. I updated it and added a check to make sure the aliases have the right suffix. Now, the first suffix starts from 2 since the first one doesn't have one.

[tsaarni]

The sequence numbers in the suffixes aren't working perfectly logically, for example, if adding four certificates with subjects cn=foo, cn=foo, cn=bar and cn=bar, the aliases become cn=foo, cn=foo-2, cn=bar, and cn=bar-3, but I hope it does not need to be perfect, since the keystore aliases are not really used for anything.

[tsaarni]

Hi @anmolnar, gentle ping on this PR. I'm happy to make further tweaks.