-
Task
-
Resolution: Unresolved
Right now, the local vswitchd ovsdb-server database is exposed to clients (ovn-controller, vswitchd, configJob) as an AF_UNIX socket file that is mounted into the clients' file namespaces as a HostPath mount. These mounts demand special privileges to access the hypervisor file system.
This task is to expose the local database service via a TCP AF_INET socket instead of AF_UNIX. This task will also remove the no-longer-needed host mount previously used to pass the AF_UNIX socket between containers.
NOTE: The AF_INET service may be exposed to clients that previously did not have access to it (because the service was provided via AF_UNIX). This task should make sure that the new service endpoint is not available to unauthorized clients. Because ovsdb-server doesn't have any built-in authentication mechanism, this implies configuring SSL certificates between ovsdb-server and its clients (ovn-controller, configJob, vswitchd).
NOTE2: SSL configuration for OVS/OVN clients is global at the moment, which means that they may have to reuse the same SSL certificates for authentication with ovsdb-server.
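One way to check the requirement in the NOTE above is to audit the ovsdb-server command line for AF_INET listeners that accept unauthenticated clients. This is an added example, not code from this task or from the OVS project; the sample command lines, port and certificate paths are constructed placeholders.

```python
import ipaddress
import shlex

# Options a pssl: listener needs before it can authenticate peers.
TLS_OPTS = ("--private-key", "--certificate", "--ca-cert")

# Constructed sample command lines; port and file paths are placeholders.
SAMPLES = {
    "unix": "ovsdb-server --remote=punix:/run/openvswitch/db.sock conf.db",
    "tcp": "ovsdb-server --remote=ptcp:6640 conf.db",
    "tls": "ovsdb-server --remote=pssl:6640:127.0.0.1 --private-key=/pki/key.pem"
           " --certificate=/pki/cert.pem --ca-cert=/pki/ca.pem conf.db",
    "tls-nocert": "ovsdb-server --remote=pssl:6640:[::] --ca-cert=/pki/ca.pem conf.db",
}

def parse_opts(argv):
    """Collect values of --opt=value and --opt value arguments, per option."""
    opts = {}
    for i, arg in enumerate(argv):
        if arg.startswith("--"):
            key, sep, val = arg.partition("=")
            if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                val = argv[i + 1]
            opts.setdefault(key, []).append(val)
    return opts

def audit(cmdline):
    """Return findings for the AF_INET listeners on one ovsdb-server command line."""
    opts = parse_opts(shlex.split(cmdline))
    findings = []
    for remote in opts.get("--remote", []):
        method, _, rest = remote.partition(":")
        if method not in ("ptcp", "pssl"):
            continue  # punix: is AF_UNIX; db: remotes live in the database, not audited here
        ip = rest.partition(":")[2].strip("[]")
        if method == "ptcp":
            findings.append(f"{remote}: plain TCP, no client authentication")
        else:
            missing = [o for o in TLS_OPTS if not any(opts.get(o, []))]
            if missing:
                findings.append(f"{remote}: missing {', '.join(missing)}")
        # With no IP the listener is not bound to a particular local address.
        if not ip or ipaddress.ip_address(ip).is_unspecified:
            findings.append(f"{remote}: listens on all addresses")
    return findings

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(name, audit(cmd) or "ok")
```

Listeners configured through a `db:` remote are stored in the database itself and need a separate check.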
- is related to: OSPRH-3022 Issue SSL certificates for ovsdb-server AF_INET clients (New)