Support encrypted traffic between ingress and queue-proxy

[nak3]

As described in the feature docs:

the HTTP Proxy (KIngress) needs to be able to accept certificates for both the activator (in the knative-serving namespace) and the Revision pods (in the user namespace). There are three ways to manage this:
... snip ...
For the initial Alpha release, we will implement approach 2 and reduce scope by keeping the activator always (and only) in the set of Knative Revision endpoints exposed to the KIngress.

the alpha release does not support the encrypted traffic between ingress and queue-proxy but it is a temporary state and we should support it.

[github-actions]

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

[nak3]

This is possible to support if we sign the server certs in activator and queue-proxy by the same CA and SAN.

However, it is better to support different SAN or CA for the server certs on each namespace, which means the support of the encrypted traffic between ingress and queue-proxy is very difficult.

[github-actions]

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

[psschwei]

/remove-lifecycle stale

[github-actions]

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

[psschwei]

/remove-lifecycle stale