Postgres database engine lacks secure connection attributes #13934

Open
mbrancato opened this issue Feb 7, 2022 · 0 comments

Comments

@mbrancato

Describe the bug
There is currently no documentation on how to configure a Postgres DB backend to use TLS and specifically also client certificates. Presumably we would specify the file locations in the DSN, but there is no guidance on this nor specific parameters for accepting CA, cert, or key values when configuring a remote Vault server.

It is not mentioned in the existing documentation, so I assume secure connections are not supported or require pre-staging the client certificates on the Vault server in a place where the pq library may access them. This makes it impossible to dynamically configure a secure Postgres DB connection.

Current documentation: https://www.vaultproject.io/api/secret/databases/postgresql

To Reproduce
Steps to reproduce the behavior:

  1. Configure Vault to use a TLS PG server in verify-full mode

Expected behavior
Documentation and engine should provide a way to store the client cert and key assigned to Vault.

Environment:

  • Vault Server Version (retrieve with vault status):
  • Vault CLI Version (retrieve with vault version): 1.9.3
  • Server Operating System/Architecture: 1.9.3 / linux

Additional context
pq docs: https://pkg.go.dev/github.com/lib/pq
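
As an added illustration (not part of the issue, and not code from Vault or lib/pq), the Go program below audits a URL-form DSN for the TLS settings the report asks about and checks whether the referenced files exist on the local host. The parameter names `sslmode`, `sslrootcert`, `sslcert` and `sslkey` are the ones lib/pq documents; the function name `auditDSN` and the sample host and paths are constructed for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
)

// auditDSN checks a URL-form Postgres DSN against the TLS settings the issue
// asks for: verify-full plus a CA, a client certificate and a client key.
// The file paths are resolved on the host running this check, which mirrors
// the pre-staging concern raised in the report. Hypothetical helper.
func auditDSN(dsn string) []string {
	u, err := url.Parse(dsn)
	if err != nil {
		return []string{"unparseable DSN"} // error text omitted: it may echo credentials
	}
	var findings []string
	q := u.Query()
	if mode := q.Get("sslmode"); mode != "verify-full" {
		findings = append(findings, fmt.Sprintf("sslmode=%q does not verify the server hostname", mode))
	}
	for _, p := range []string{"sslrootcert", "sslcert", "sslkey"} {
		path := q.Get(p)
		if path == "" {
			findings = append(findings, p+" not set")
			continue
		}
		info, err := os.Stat(path)
		if err != nil {
			findings = append(findings, p+" file not present on this host: "+path)
			continue
		}
		// A private key that group or others can access is flagged.
		if p == "sslkey" && info.Mode().Perm()&0077 != 0 {
			findings = append(findings, "sslkey is accessible by group or others: "+path)
		}
	}
	return findings
}

func main() {
	// Constructed sample DSN; host, database and paths are placeholders.
	dsn := "postgres://vault@db.example.internal:5432/app?sslmode=require&sslcert=/nonexistent/client.crt"
	for _, f := range auditDSN(dsn) {
		fmt.Println("FINDING:", f)
	}
}
```

An empty result means the DSN requests `verify-full` and all three files are present with a private key restricted to its owner.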
