Strip trailing dot of hostname to fix SSL certificate verification issue (correct setup w/ unit test)

[fangnx]

Combining the original PR to address the trailing dot bug (#5231) which was reverted as it was breaking master and the PR to add unit test (#5244)

Jira: https://confluentinc.atlassian.net/browse/NONJAVACLI-4101

[confluent-cla-assistant]

🎉 All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

[Copilot]

Pull request overview

This PR reapplies functionality to strip trailing dots from hostnames during SSL certificate verification, which was previously reverted. The trailing dot causes certificate validation failures because X.509 certificates don't include dots in Subject Alternative Names, while DNS uses them to indicate absolute FQDNs.

• Adds rd_kafka_ssl_normalize_hostname() function to strip trailing dots from hostnames
• Updates SSL endpoint identification to use normalized hostnames for both SNI and certificate verification
• Implements comprehensive unit tests for hostname normalization edge cases

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/rdkafka_ssl.c	Implements hostname normalization function and integrates it into SSL endpoint identification flow, adds unit tests
src/rdunittest.c	Registers the new SSL unit test in the test framework

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[emasab]

This is just static, the unit test runs from the same file.

Suggested change

	#if ENABLE_DEVEL
	RD_EXPORT
	#else
	static
	#endif
	const char *rd_kafka_ssl_normalize_hostname(const char *hostname,
	static const char *rd_kafka_ssl_normalize_hostname(const char *hostname,

[emasab]

Remove this condition as the rdkafka_ssl.c file is already included only when SSL is enabled. In Makefile:

SRCS_$(WITH_SSL) += rdkafka_ssl.c