fix(tlsgc): consolidate conf keypaths knowledge in `emqx_tls_lib`

So that this GC mechanism will be easier to maintain.

apps/emqx/src/emqx_tls_certfile_gc.erl

@@ -240,11 +240,11 @@ find_references(Root) ->
         Config
     ).
 
-is_file_reference([<<"keyfile">> | _]) -> true;
+is_file_reference(Stack) ->
-is_file_reference([<<"certfile">> | _]) -> true;
+    lists:any(
-is_file_reference([<<"cacertfile">> | _]) -> true;
+        fun(KP) -> lists:prefix(lists:reverse(KP), Stack) end,
-is_file_reference([<<"issuer_pem">>, <<"ocsp">> | _]) -> true;
+        emqx_tls_lib:ssl_file_conf_keypaths()
-is_file_reference(_) -> false.
+    ).
 
 is_string(Value) ->
     is_list(Value) orelse is_binary(Value).

apps/emqx/src/emqx_tls_lib.erl

@@ -31,6 +31,7 @@
     ensure_ssl_files/2,
     ensure_ssl_files/3,
     drop_invalid_certs/1,
+    ssl_file_conf_keypaths/0,
     pem_dir/1,
     is_managed_ssl_file/1,
     is_valid_pem_file/1,
@@ -371,6 +372,10 @@ is_valid_string(Binary) when is_binary(Binary) ->
         _Otherwise -> false
     end.
 
+-spec ssl_file_conf_keypaths() -> [_ConfKeypath :: [binary()]].
+ssl_file_conf_keypaths() ->
+    ?SSL_FILE_OPT_PATHS.
+
 %% Check if it is a valid PEM formatted key.
 is_pem(MaybePem) ->
     try