OpenIdConnectAuthIT and SamlAuthenticationIT should use a PEM trusted certificate

[jkakavas]

Build scan:
https://gradle-enterprise.elastic.co/s/gsk6sxygbkheg

Repro line:

Reproduces locally?: yes

Applicable branches: master, 7.x, 7.11

Failure history:

Failure excerpt:

These extend EsRestTestCase and should make use of CERTIFICATE_AUTHORITIES ( #66559) when building the rest client they use so that they dont have to use a jks keystore which is not allowed in fips mode

[elasticmachine]

Pinging @elastic/es-security (Team:Security)

[ywangd]

The SamlAuthenticationIT failures actually complained about short password. I raised #66976.

[jkakavas]

Also FACILITATOR_PASSWORD could be set to a new value that's > 14 chars. Given that we changed testclusters to use pbkdf2_stretch, it won't fail, but we still support pbkdf2 in fips mode and we might end up randomly testing with both in fips mode