
Add support for -ca-path option in the connect envoy command#8606

Merged: hanshasselberg merged 3 commits into hashicorp:master from timarenz:add-envoy-capath-support on Sep 8, 2020

Conversation

@timarenz (Contributor) commented Sep 3, 2020

The consul connect envoy CLI currently only takes CA certs that are provided using the -ca-file option. In some situations more than one CA file needs to be used, and therefore the `-ca-path` option exists in the Consul agent. However, this option is not implemented for envoy itself.

Starting an envoy instance using the consul connect envoy command with the -ca-path option results in an error.

consul connect envoy -ca-path="/path/to/some/cafiles/folder" -mesh-gateway -register -grpc-addr=https://127.0.0.1:8502

[2020-09-03 15:25:56.210][4342552][critical][main] [external/envoy/source/server/server.cc:95] error initializing configuration '/var/folders/zb/xqhmc3mx62g7gcr_1kg_vmd00000gp/T/envoy-163148f4268ed019-bootstrap.json': Proto constraint validation failed (BootstrapValidationError.StaticResources: ["embedded message failed validation"] | caused by StaticResourcesValidationError.Clusters[i]: ["embedded message failed validation"] | caused by ClusterValidationError.HiddenEnvoyDeprecatedTlsContext: ["embedded message failed validation"] | caused by UpstreamTlsContextValidationError.CommonTlsContext: ["embedded message failed validation"] | caused by CommonTlsContextValidationError.ValidationContext: ["embedded message failed validation"] | caused by CertificateValidationContextValidationError.TrustedCa: ["embedded message failed validation"] | caused by DataSourceValidationError.InlineString: ["value length must be at least " '\x01' " bytes"]): node {
  id: "mesh-gateway"
  cluster: "mesh-gateway"
  metadata {
    fields {
      key: "envoy_version"
      value {
        string_value: "1.14.2"
      }
    }
    fields {
      key: "namespace"
      value {
        string_value: "default"
      }
    }
  }
}
static_resources {
  clusters {
    name: "local_agent"
    type: STATIC
    connect_timeout {
      seconds: 1
    }
    hosts {
      socket_address {
        address: "127.0.0.1"
        port_value: 8502
      }
    }
    tls_context {
      common_tls_context {
        validation_context {
          trusted_ca {
            inline_string: ""
          }
        }
      }
    }

This PR fixes this by adding support for -ca-path for envoy as well.
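The error above is the agent writing an empty trusted_ca inline_string into the bootstrap because the -ca-path directory was never read. As an added example (not code from this PR or from Consul), the loader below shows the behaviour such an option needs: read every *.pem file under the directory, reject anything that does not parse as a certificate, and refuse to produce an empty bundle. It assumes a directory of *.pem files and uses an in-memory fs.FS with a generated throwaway certificate standing in for the real folder.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"io/fs"
	"math/big"
	"testing/fstest"
	"time"
)
// LoadCAPath bundles the certificates from every *.pem file under dir and refuses an
// empty result: an empty trusted_ca inline_string is exactly what Envoy rejected above.
func LoadCAPath(fsys fs.FS, dir string) (string, error) {
	names, _ := fs.Glob(fsys, dir+"/*.pem") // constant pattern: ErrBadPattern cannot occur
	var bundle []byte
	for _, name := range names {
		data, err := fs.ReadFile(fsys, name)
		if err != nil {
			return "", err
		}
		for blk, rest := pem.Decode(data); blk != nil; blk, rest = pem.Decode(rest) {
			if _, err := x509.ParseCertificate(blk.Bytes); err != nil {
				return "", fmt.Errorf("%s: %w", name, err) // fail loudly, never skip silently
			}
			bundle = append(bundle, pem.EncodeToMemory(blk)...)
		}
	}
	if len(bundle) == 0 {
		return "", fmt.Errorf("no CA certificates found under %q", dir)
	}
	return string(bundle), nil
}

// selfSignedCA mints a throwaway CA certificate (constructed sample input, not a real CA).
func selfSignedCA(cn string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
// SampleFS stands in for the report's /path/to/some/cafiles/folder (constructed).
var SampleFS = fstest.MapFS{
	"cafiles/root-a.pem": {Data: selfSignedCA("Sample Root A")},
	"cafiles/README":     {Data: []byte("not a certificate")},
}
```

Calling LoadCAPath(SampleFS, "cafiles") returns a PEM bundle loadable into an x509.CertPool, while a directory without any *.pem file yields an error instead of the empty string that produced the bootstrap failure.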

@hanshasselberg (Member) left a comment

LGTM! Thank you!

@hanshasselberg (Member) commented

@timarenz consul starts generating changelog entries from special files in .changelog (see #8387). Could you create a file .changelog/8606.txt with an entry for this change?

Thanks!

@hanshasselberg hanshasselberg merged commit a1fe711 into hashicorp:master Sep 8, 2020
@hashicorp-ci (Contributor) commented

🍒❌ Cherry pick of commit a1fe711 onto release/1.6.x failed! Build Log

@hashicorp-ci (Contributor) commented

🍒✅ Cherry pick of commit a1fe711 onto release/1.8.x succeeded!

hashicorp-ci pushed a commit that referenced this pull request Sep 8, 2020
* Add support for -ca-path option in the connect envoy command
* Adding changelog entry