Use common TLS parsing routine for etcd (#476)

* Use common TLS parsing routine for etcd

Change to use the new common routine, and update the docs to reflect
the different options for passing TLS configuration.

* Move middleware/tls to middleware/pkg/tls

This was put in the wrong place originally.

middleware/etcd/README.md

@@ -39,7 +39,11 @@ etcd [ZONES...] {
   pointing to external names. If you want CoreDNS to act as a proxy for clients, you'll need to add
   the proxy middleware. **ADDRESS** can be an IP address, and IP:port or a string pointing to a file
   that is structured as /etc/resolv.conf.
-* `tls` followed the cert, key and the CA's cert filenames.
+* `tls` followed by:
+  * no arguments, if the server certificate is signed by a system-installed CA and no client cert is needed
+  * a single argument that is the CA PEM file, if the server cert is not signed by a system CA and no client cert is needed
+  * two arguments - path to cert PEM file, the path to private key PEM file - if the server certificate is signed by a system-installed CA and a client certificate is needed
+  * three arguments - path to cert PEM file, path to client private key PEM file, path to CA PEM file - if the server certificate is not signed by a system-installed CA and client certificate is needed
 * `debug` allows for debug queries. Prefix the name with `o-o.debug.` to retrieve extra information in the
   additional section of the reply in the form of TXT records.