Function try_tls_acceptor

pub fn try_tls_acceptor(enforce_client_tls: bool) -> Option<TlsAcceptor>

Try to build a TlsAcceptor for an HTTP server by probing for available TLS certificates.

Detection order:

  1. OSS / explicit config: HYPERACTOR_TLS_CERT, HYPERACTOR_TLS_KEY, and HYPERACTOR_TLS_CA (read via hyperactor_config).
  2. Meta default paths: /var/facebook/x509_identities/server.pem and /var/facebook/rootcanal/ca.pem. These are present on devservers and in MAST / Tupperware containers.
  3. None — no usable certificates found; caller should fall back to plain HTTP.

When enforce_client_tls is true, the returned acceptor requires clients to present a valid certificate signed by the configured CA (mutual TLS via WebPkiClientVerifier). When false, the acceptor authenticates itself but does not demand client certificates.
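
Because a None result means the caller serves plain HTTP, a deployment that asked for mutual TLS can lose it silently when no certificates are found. The following added example (not code from this crate) is a std-only preflight that mirrors the documented detection order and fails closed in that case; probe_tls_source, check_startup and TlsSource are hypothetical names, and both the handling of partial explicit config and the environment-variable lookup in main are assumptions.

```rust
use std::path::Path;

// Key names and paths are the ones listed in the documentation above.
const KEYS: [&str; 3] = ["HYPERACTOR_TLS_CERT", "HYPERACTOR_TLS_KEY", "HYPERACTOR_TLS_CA"];
const META_CERT: &str = "/var/facebook/x509_identities/server.pem";
const META_CA: &str = "/var/facebook/rootcanal/ca.pem";

#[derive(Debug, PartialEq)]
pub enum TlsSource {
    Explicit { cert: String, key: String, ca: String },
    MetaDefault,
    None,
}

/// Hypothetical preflight mirroring the documented order. `get` looks up a
/// config key and `exists` tests a path; both are injected for testability.
/// Assumption: the explicit source counts only when all three keys are set
/// and their files exist; the real function may treat partial config differently.
pub fn probe_tls_source(
    get: &dyn Fn(&str) -> Option<String>,
    exists: &dyn Fn(&str) -> bool,
) -> TlsSource {
    let vals: Vec<String> = KEYS.iter().filter_map(|k| get(*k)).filter(|v| !v.is_empty()).collect();
    if vals.len() == 3 && vals.iter().all(|p| exists(p.as_str())) {
        return TlsSource::Explicit { cert: vals[0].clone(), key: vals[1].clone(), ca: vals[2].clone() };
    }
    if exists(META_CERT) && exists(META_CA) {
        return TlsSource::MetaDefault;
    }
    TlsSource::None
}

/// Fail closed: when mutual TLS was requested, refuse the plain-HTTP fallback.
pub fn check_startup(source: &TlsSource, enforce_client_tls: bool) -> Result<&'static str, String> {
    match (source, enforce_client_tls) {
        (TlsSource::None, true) => Err("mTLS requested but no certificates found".to_string()),
        (TlsSource::None, false) => Ok("http"),
        (_, true) => Ok("https+mtls"),
        (_, false) => Ok("https"),
    }
}

fn main() {
    // Assumption: keys are read from the environment; the crate reads them via hyperactor_config.
    let get = |k: &str| std::env::var(k).ok();
    let exists = |p: &str| Path::new(p).is_file();
    let source = probe_tls_source(&get, &exists);
    println!("{:?} -> {:?}", source, check_startup(&source, true));
}
```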