@dsteeley dsteeley commented Jan 27, 2026

The rust-server always brings in hyper-openssl as a dependency even though it's not always required.
I've therefore reconfigured the features of rust-server to support removing hyper-openssl from the dependencies. Currently this isn't backwards compatible where the default features don't specify an SSL backend. Users wanting this function for their Client must specify client-tls or client-openssl.

This is an anti-pattern to standard feature flagging of TLS backend. @wing328 would it be acceptable to put a "breaking" change in where we set the default to be not including openssl and document that if users want to use hyper-openssl then they should select that feature?

PR checklist

  • Read the contribution guidelines.
  • Pull Request title clearly describes the work in the pull request and Pull Request description provides details about how to validate the work. Missing information here may result in delayed response from the community.
  • Run the following to build the project and update samples:
    ./mvnw clean package || exit
    ./bin/generate-samples.sh ./bin/configs/*.yaml || exit
    ./bin/utils/export_docs_generators.sh || exit
    
    (For Windows users, please run the script in WSL)
    Commit all changed files.
    This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
    These must match the expectations made by your contribution.
    You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example ./bin/generate-samples.sh bin/configs/java*.
    IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
  • File the PR against the correct branch: master (upcoming 7.x.0 minor release - breaking changes with fallbacks), 8.0.x (breaking changes without fallbacks)
  • If your PR solves a reported issue, reference it using GitHub's linking syntax (e.g., having "fixes #123" present in the PR description)
  • If your PR is targeting a particular programming language, @mention the technical committee members, so they are more likely to review the pull request.

Summary by cubic

Adds a single TLS feature for rust-server clients and removes the unconditional OpenSSL dependency. Clients are HTTP-only by default; enable HTTPS via client-tls, which uses native-tls on macOS/Windows/iOS and OpenSSL elsewhere.

  • New Features

    • Introduced client-tls with automatic backend selection; removed client-openssl.
    • Default features exclude TLS to minimize dependencies.
    • Updated templates, samples, README, and CI to build HTTP-only and client-tls variants.
  • Migration

    • Breaking change: explicitly enable HTTPS via client-tls.
    • Example: cargo build --no-default-features --features=client,client-tls.
    • TLS helpers in the swagger crate are gated behind client-tls.

Written for commit a8e6ee2. Summary will update on new commits.
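
The backend selection described in the summary above, as an added Rust example that is not code from this PR or from the generated rust-server crates. `Backend`, `ConnectError`, `compiled_backend` and `plan_transport` are hypothetical names; the sketch assumes a build without `client-tls` should reject an `https://` base URL instead of falling back to plain HTTP.

```rust
// Added illustration; every name here is hypothetical, not rust-server code.
#[derive(Debug, PartialEq)]
pub enum Backend { None, NativeTls, OpenSsl }

/// Backend compiled into this build, following the rule in the summary:
/// no TLS unless `client-tls` is enabled, then native-tls on
/// macOS/Windows/iOS and OpenSSL on every other target.
pub fn compiled_backend() -> Backend {
    if !cfg!(feature = "client-tls") {
        Backend::None
    } else if cfg!(any(target_os = "macos", target_os = "windows", target_os = "ios")) {
        Backend::NativeTls
    } else {
        Backend::OpenSsl
    }
}

#[derive(Debug, PartialEq)]
pub enum ConnectError { TlsNotCompiledIn, UnsupportedScheme(String) }

/// Choose the transport for a base URL. An https URL on an HTTP-only build
/// is an error, never a silent downgrade to plaintext.
pub fn plan_transport(base_url: &str, backend: &Backend) -> Result<&'static str, ConnectError> {
    // A URL without "://" yields an empty scheme and is rejected below.
    let scheme = base_url
        .split_once("://")
        .map(|(s, _)| s.to_ascii_lowercase())
        .unwrap_or_default();
    match (scheme.as_str(), backend) {
        ("http", _) => Ok("plain"),
        ("https", Backend::None) => Err(ConnectError::TlsNotCompiledIn),
        ("https", _) => Ok("tls"),
        (other, _) => Err(ConnectError::UnsupportedScheme(other.to_string())),
    }
}

fn main() {
    let backend = compiled_backend();
    // Constructed sample URLs.
    for url in ["http://localhost:8080", "https://api.example.test"] {
        println!("{url} with {backend:?}: {:?}", plan_transport(url, &backend));
    }
}
```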


@cubic-dev-ai cubic-dev-ai bot left a comment


1 issue found across 43 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name=".github/workflows/samples-rust-server.yaml">

<violation number="1" location=".github/workflows/samples-rust-server.yaml:71">
P2: CI doesn’t build the `client-openssl` feature even though rust-server samples define it, so OpenSSL client builds can break without detection.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

fn create_client(args: &Cli, context: ClientContext) -> Result<Box<dyn ApiNoContext<ClientContext>>> {
// native-tls-based TLS (macOS/Windows/iOS)
#[cfg(all(feature = "client-tls", any(target_os = "macos", target_os = "windows", target_os = "ios")))]
fn create_client(_args: &Cli, context: ClientContext) -> Result<Box<dyn ApiNoContext<ClientContext>>> {
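
Review bot: the leading underscore on `_args` in the native-tls `create_client` tells both the compiler and the reader that the CLI arguments are unused on macOS/Windows/iOS. If the body still reads the parameter, keep the name `args` as in the previous signature; if it really is unused, any TLS-related option the caller passes is dropped without notice on those targets, so either thread it through or return an error when an option that cannot be honoured is set. Separately, because this variant is gated on `all(feature = "client-tls", any(target_os = ...))`, the other `create_client` definitions need the complementary `not(...)` gates so that exactly one definition compiles for every feature and target combination.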

  • curious about the change to this parameter name as I think regardless of which feature we end up in, this function does invoke args by passing it to Client::try_new
  • is it right that native-tls-based TLS looks the same as the "no TLS" branch below? I was expecting something that looks more like the previous branch with configured certs


(new incantation post-push lgtm)

@dsteeley dsteeley force-pushed the rust-server-ssl-features branch 2 times, most recently from a1e1bb2 to 10b7300 Compare January 27, 2026 16:28
@dsteeley dsteeley force-pushed the rust-server-ssl-features branch from 10b7300 to a8e6ee2 Compare January 27, 2026 16:59
@dsteeley dsteeley marked this pull request as draft January 27, 2026 16:59