aibridge: Add TLS support for aibridgeproxyd listener

[jdomeracki-coder]

Description

Currently, the aibridgeproxyd service (AI Proxy) provides a mechanism to intercept and govern AI agent traffic. However, to support production-grade security requirements and air-gapped environments, the proxy needs the ability to serve its listener over TLS (HTTPS) and allow configuration for custom/self-signed certificates.

This enhancement will allow AI agents to communicate with the proxy over a secure channel.

Goals

• Enable HTTPS support for the aibridgeproxyd listener
• Provide standardized configuration via flags and environment variables for TLS certificates

Acceptance Criteria

• HTTPS Listener: aibridgeproxyd must be able to start an HTTPS server when cert/key files are provided
• Self-Signed Support: The service should correctly load and serve self-signed certificates if provided by the user

Documentation

• CLI Help: Update the command-line help strings for aibridgeproxy
• Service Docs: Add a section to the AI Bridge documentation (likely in docs/admin/governance/ai-bridge.md) explaining how to configure TLS for the proxy daemon
• Example Usage: Provide an example of generating a self-signed cert for local testing and configuring the proxy to use it

[ssncferreira]

As discussed internally, this can be an optional configuration (either use an HTTP or HTTPS Proxy), and we would need to update the documentation https://coder.com/docs/ai-coder/ai-bridge/ai-bridge-proxy/setup on how to configure AI Bridge Proxy as an HTTPS Proxy.