Validate component certs by default

[ctlong]

What is this issue about?

cf-deployment currently skips verification of certificates for certain inter-component communications by default, with an ops file to stop skipping certificate validation.

We would expect the reverse, that cf-deployment be the most secure by default, with an ops file to make it insecure as desired.

What version of cf-deployment are you using?

cf-deployment v17.1.0

Please include the bosh deploy... command, including all the operations files (plus any experimental operation files you're using):

N/A

Please provide output that helps describe the issue:

N/A

What IaaS is this issue occurring on?

N/A

Is there anything else unique or special about your setup?

N/A

Tag your pair, your PM, and/or team!

@mkocher @acrmp

[ctlong]

We tried to resolve this in #952. However, the CF-D pipeline environments use self-signed certs, which prevented tests from passing. Therefore, created we were forced to revert that PR, and have created this issue to track future work.

Tim Downey also noted that many of the present cert validation skips are in place due to a long-standing issue with validating certs for space-scoped service brokers in CC_NG.

[jochenehret]

Current status: "cedric", "bbr" and "cats" environments still use self-signed load balancer certificates. The other test environments use the relint_ca root certificate and have TLS enabled.