Require SSL certificate hash on login by default

Note that it's possible to set a config option to disable this functionality
on a per-environment basis (we're disabling it for sandbox), but in general
SSL certificate hashes should be required for increased security.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=225053496

java/google/registry/config/RegistryConfig.java

@@ -573,6 +573,17 @@ public final class RegistryConfig {
       return beamBucketUrl + "/templates/spec11";
     }
 
+    /**
+     * Returns whether an SSL certificate hash is required to log in via EPP and run flows.
+     *
+     * @see google.registry.flows.TlsCredentials
+     */
+    @Provides
+    @Config("requireSslCertificates")
+    public static boolean provideRequireSslCertificates(RegistryConfigSettings config) {
+      return config.registryPolicy.requireSslCertificates;
+    }
+
     /**
      * Returns the default job zone to run Apache Beam (Cloud Dataflow) jobs in.
      *

java/google/registry/config/RegistryConfigSettings.java

@@ -92,6 +92,7 @@ public class RegistryConfigSettings {
     public String rdapTos;
     public String rdapTosStaticUrl;
     public String spec11EmailBodyTemplate;
+    public boolean requireSslCertificates;
   }
 
   /** Configuration for Cloud Datastore. */

java/google/registry/config/files/default-config.yaml

@@ -183,6 +183,11 @@ registryPolicy:
     If you have any questions regarding this notice, please contact
     {REPLY_TO_EMAIL}.
 
+  # Whether to require an SSL certificate hash in order to be able to log in
+  # via EPP and run commands. This can be false for testing environments but
+  # should generally be true for production environments, for added security.
+  requireSslCertificates: true
+
 datastore:
   # Number of commit log buckets in Datastore. Lowering this after initial
   # install risks losing up to a days' worth of differential backups.