This is for Client-Server communication **Acceptance Criteria** - [ ] Operator has a canonical place where it looks up the keys - [ ] ZK authentication can be turned on/off via the ZK CRDs The default authn method is client TLS certificates. - [ ] When an agent presents a valid client TLS certificate, it is authenticated with ZK. - [ ] When an agent does not present a valid client TLS certificate or the certificate or owner is unkown to ZK, the user is blocked from accessing ZK (unless authn is turned of)