ARTEMIS-6046 Kubernetes LockManager implementation

[clebertsuconic]

This commit introduces a Kubernetes-based distributed lock implementation using a generic HTTP REST client abstracted from KubernetesLoginModule.

Key changes:
- Extracted reusable Kubernetes HTTP client to artemis-commons
- Implemented KubernetesLockManager using Kubernetes Lease API
- Implemented KubeMutableLong using Kubernetes ConfigMap for distributed counters
- Moved PemSupport and extracted KeyStoreSupport to artemis-commons to avoid circular dependencies
- Added AbstractDistributedLockManager base class with parameter validation
- Added tests using LockCoordinatorTest against real Kubernetes (via Minikube) and FakeMinikube MockServer
- Added user manual documentation with RBAC configuration examples
- Added smoke test configurations for Kubernetes-based dual-mirror setup

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

[gtully]

This is great, but I think we need to reduce the dependencies, with cve's popping up all over the place, we need to be reducing our surface area dependencies as much as possible.

Peek at the http client in the oidcloginmodule for inspiration, or the token review calls in the kubelogin module.
see: 98b24f02ae#diff-c0c7084d3381d18956a831a896c9124b9636a297630fa138513d3fc720560f45

[clebertsuconic]

I will try. There are date operations here that are not easy to manage.

[gemmellr]

Mostly havent looked at this, but would follow Gary's comment on the deps/shading-thereof, seem horrid, as likely could be maintaining the shading going forward (and the 12 seconds it takes isnt ideal either). With all the deps (at least some of which seem like dupes) I'd guess its not tiny either, so if its large I'm not necessarily seeing it as obvious we should add it to the distribution.

I cant comment on the actual lines, as GitHub is having an outage preventing new code comments on PRs lol, but...

The bom changes are broken. The entries are in the relocations/old-modules section of the bom, and as brand new modules these ones would not be expected to have any relocations (indeed you didnt add any, so the GAVs listed there wont ever exist and are just junk entries, which can break things inspecting them). As the only changes to the bom that also means that there are no bom entries for the actual module GAVs either, which means you must have have put the version fields in place elsewhere in the build instead of relying on the bom-managed entries (doing which would point out that the bom is currently broken).

[clebertsuconic]

@gemmellr I will see if I can connect directly to REST bits..

The kubernetes client has a few dependencies. and that's I am bringing.

I could also "fork" the code for what I need.. since all the kubernetes client does on this is to execute rest calls. The difficult part here is the dates operation and initial certificate validation.

Let me see what I can do and i will come back here.

[gtully]

I don't like the commit message email at the end. I am using a simpler "AssistedBy: Claude" trailer. you are still the author and responsible entity.

[gtully]

I think it would be valuable to track the spec leaseTransitions attribute. It is good information to be visible in case there is flip/flop.
https://kubernetes.io/docs/reference/kubernetes-api/coordination/lease-v1/#LeaseSpec:~:text=last%20observed%20renewTime.-,leaseTransitions,-integer

[gemmellr]

I haven't looked at the changes beyond the pom files, but I notice some of the things I commented on before are still needing updated so I commented on the actual files/lines this time (file/line commenting was having an outage last time I looked so I couldn’t then)

[clebertsuconic]

I have executed LockCoordinatorTest (testWithMinikube and testWithFakekube) at least 1K times each without any failures.

I had a few failures that I had to fix and harden the implementation. I tested this quite a lot.

And that includes a new test I added to validate skewed time between servers.