Document how to decrypt certificates and private keys for tlsAuth outside of k6 #616

Open
mstoykov opened this issue Apr 11, 2022 · 0 comments
Labels
Area: OSS Content Improvements or additions to community/oss documentation

mstoykov commented Apr 11, 2022

As mentioned in the second part of grafana/k6#2435 (comment), k6 takes the certificates and private keys for tlsAuth as PEM-encoded strings (instead of as files or something else).

Due to that it's 100% possible to just provide them as environment variables and set them directly.

```javascript
  tlsAuth: [
    {
      domains: ['example.com'],
      cert: __ENV.CERT,
      key: __ENV.KEY,
    },
  ],
```

Which also means that through a different command a user can extract them from a different format and then set it to an env variable possibly only for the k6 process.

```bash
KEY=`openssl ... <command to return the key on stdout>` k6 run script.js
```

This can be used as a workaround for grafana/k6#2435 and grafana/k6#2434 and any other such case for as long as k6 doesn't start supporting all of those.

It can also be used for any case that k6 might not ever get support for.

This seems like a good "How-to" guide or three showing how it can be done with something like openssl, vault, Get-ChildItem (from the second issue).

I would expect a lot of the time will be spent in actually making and testing the examples, especially on multiple OSes, so it might be better, when this is being worked on, for it to be split into multiple issues.

edit: for example around grafana/k6#2488 I could do

```bash
KEY=`openssl rsa -in client.key.pem -passin=pass:123456` k6 run tlsauth.js
```

with

```javascript
export let options = {
  tlsAuth: [{
    cert: open("./client.cert.pem"),
    key: __ENV.KEY,
  }]
}

export default function() { }
```

instead of having the script

```javascript
export let options = {
  tlsAuth: [{
    cert: open("./client.cert.pem"),
    key: open("./client.key.pem"),
    password: "123456",
  }]
}

export default function() { }
```

`-passin` can also take the password from files, or an env variable, or even the stdin, which is the default. If you just skip adding stdin it will actually automatically ask for it and block the execution until you provide the password.
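
The approach described in this issue, as an added example that is not part of the original post or of the k6 documentation: a POSIX shell wrapper that takes the pass phrase from an openssl pass phrase source instead of the command line, refuses to start the command when decryption fails, and sets `KEY` only for that command. The function names and the pass phrase path are assumptions; `openssl pkey` is used in place of `openssl rsa` so that non-RSA keys also work.

```shell
#!/bin/sh
# Added example, not from the issue. Function names are assumptions.

# decrypt_key FILE PASSIN
# Print the decrypted private key as PEM on stdout. PASSIN is an openssl
# pass phrase source (file:PATH, env:VAR, stdin), so the pass phrase does not
# have to appear on the command line.
decrypt_key() {
    openssl pkey -in "$1" -passin "$2"
}

# run_with_key FILE PASSIN COMMAND [ARGS...]
# Decrypt FILE, then run COMMAND with KEY set only in that command's
# environment. The body is a subshell, so nothing leaks into the caller.
run_with_key() (
    key_file=$1
    passin=$2
    shift 2
    # Unlike KEY=`openssl ...` cmd, stop here when decryption fails instead of
    # starting the command with an empty KEY.
    if ! key_pem=$(decrypt_key "$key_file" "$passin"); then
        echo "could not decrypt $key_file, not starting: $*" >&2
        exit 1
    fi
    # Sanity check: the output must look like a PEM private key.
    case $key_pem in
        "-----BEGIN "*"PRIVATE KEY-----"*) ;;
        *) echo "openssl output is not a PEM private key" >&2; exit 1 ;;
    esac
    KEY=$key_pem "$@"
)

# Usage, with the file names from the issue and a pass phrase file whose
# path is a placeholder:
#   run_with_key client.key.pem file:/path/to/passphrase k6 run tlsauth.js
```

With `env:VAR` as the source, the variable holding the pass phrase is inherited by the started command as well; `file:` avoids that.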
