Replace LB with Traefik ingress for TLS + basic auth

- Remove m3coordinator LoadBalancer service (was using deprecated AutoSSL)
- Add Traefik ingress controller with Let's Encrypt ACME
- Add basic auth middleware for external access
- Update test scripts with auth support and fixed protobuf encoding
- Add multi-tenancy documentation (label-based isolation)
- Update README with Traefik deployment instructions

08-basic-auth-middleware.yaml

@@ -0,0 +1,32 @@
+##############################################################################
+# Basic Auth Middleware for Traefik
+# CHANGE THE PASSWORD BEFORE PRODUCTION USE!
+#
+# To generate a new htpasswd entry:
+#   htpasswd -nb <username> <password>
+# Then base64 encode it:
+#   echo -n '<htpasswd-output>' | base64
+# Update the secret below with the new value.
+##############################################################################
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: basic-auth-secret
+  namespace: m3db
+type: Opaque
+# htpasswd -nb example example
+stringData:
+  users: |-
+    example:$apr1$oMBgtfpd$CBTS17sDq7GN58qaoIMvh.
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: basic-auth
+  namespace: m3db
+spec:
+  basicAuth:
+    secret: basic-auth-secret