refactor: 重构trustlog-sdk目录结构到trustlog/go-trustlog

- 将所有trustlog-sdk文件移动到trustlog/go-trustlog/目录
- 更新README中所有import路径从trustlog-sdk改为go-trustlog
- 更新cookiecutter配置文件中的项目名称
- 更新根目录.lefthook.yml以引用新位置的配置
- 添加go.sum文件到版本控制
- 删除过时的示例文件

这次重构与trustlog-server保持一致的目录结构，
为未来支持多语言SDK（Python、Java等）预留空间。

api/adapter/tls_config.go

@@ -0,0 +1,123 @@
+package adapter
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"os"
+
+	"github.com/apache/pulsar-client-go/pulsar"
+	"github.com/apache/pulsar-client-go/pulsar/auth"
+
+	"go.yandata.net/iod/iod/trustlog-sdk/api/logger"
+)
+
+// tlsConfigProvider defines the interface for TLS configuration.
+type tlsConfigProvider interface {
+	GetTLSTrustCertsFilePath() string
+	GetTLSCertificateFilePath() string
+	GetTLSKeyFilePath() string
+	GetTLSAllowInsecureConnection() bool
+}
+
+// configureTLSForClient configures TLS/mTLS settings for the Pulsar client.
+func configureTLSForClient(opts *pulsar.ClientOptions, config tlsConfigProvider, logger logger.Logger) error {
+	// If no TLS configuration is provided, skip TLS setup
+	if config.GetTLSTrustCertsFilePath() == "" &&
+		config.GetTLSCertificateFilePath() == "" &&
+		config.GetTLSKeyFilePath() == "" {
+		return nil
+	}
+
+	// Configure TLS trust certificates
+	if config.GetTLSTrustCertsFilePath() != "" {
+		if _, err := os.ReadFile(config.GetTLSTrustCertsFilePath()); err != nil {
+			return errors.Join(err, errors.New("failed to read TLS trust certificates file"))
+		}
+		opts.TLSTrustCertsFilePath = config.GetTLSTrustCertsFilePath()
+		logger.Debug(
+			"TLS trust certificates configured",
+			"path", config.GetTLSTrustCertsFilePath(),
+		)
+	}
+
+	// Configure TLS allow insecure connection
+	opts.TLSAllowInsecureConnection = config.GetTLSAllowInsecureConnection()
+
+	// Configure mTLS authentication if both certificate and key are provided
+	if config.GetTLSCertificateFilePath() != "" && config.GetTLSKeyFilePath() != "" {
+		// Load client certificate and key
+		cert, err := tls.LoadX509KeyPair(
+			config.GetTLSCertificateFilePath(),
+			config.GetTLSKeyFilePath(),
+		)
+		if err != nil {
+			return errors.Join(err, errors.New("failed to load client certificate and key"))
+		}
+
+		// Create TLS authentication provider
+		// Pulsar Go client uses auth.NewAuthenticationTLS with certificate and key file paths
+		tlsAuth := auth.NewAuthenticationTLS(
+			config.GetTLSCertificateFilePath(),
+			config.GetTLSKeyFilePath(),
+		)
+
+		opts.Authentication = tlsAuth
+		logger.Debug(
+			"mTLS authentication configured",
+			"cert", config.GetTLSCertificateFilePath(),
+			"key", config.GetTLSKeyFilePath(),
+		)
+
+		// Verify the certificate is valid
+		if _, parseErr := x509.ParseCertificate(cert.Certificate[0]); parseErr != nil {
+			return errors.Join(parseErr, errors.New("invalid client certificate"))
+		}
+	} else if config.GetTLSCertificateFilePath() != "" || config.GetTLSKeyFilePath() != "" {
+		return errors.New(
+			"both TLS certificate and key file paths must be provided for mTLS authentication",
+		)
+	}
+
+	return nil
+}
+
+// GetTLSTrustCertsFilePath returns the TLS trust certificates file path for PublisherConfig.
+func (c PublisherConfig) GetTLSTrustCertsFilePath() string {
+	return c.TLSTrustCertsFilePath
+}
+
+// GetTLSCertificateFilePath returns the TLS certificate file path for PublisherConfig.
+func (c PublisherConfig) GetTLSCertificateFilePath() string {
+	return c.TLSCertificateFilePath
+}
+
+// GetTLSKeyFilePath returns the TLS key file path for PublisherConfig.
+func (c PublisherConfig) GetTLSKeyFilePath() string {
+	return c.TLSKeyFilePath
+}
+
+// GetTLSAllowInsecureConnection returns whether to allow insecure TLS connections for PublisherConfig.
+func (c PublisherConfig) GetTLSAllowInsecureConnection() bool {
+	return c.TLSAllowInsecureConnection
+}
+
+// GetTLSTrustCertsFilePath returns the TLS trust certificates file path for SubscriberConfig.
+func (c SubscriberConfig) GetTLSTrustCertsFilePath() string {
+	return c.TLSTrustCertsFilePath
+}
+
+// GetTLSCertificateFilePath returns the TLS certificate file path for SubscriberConfig.
+func (c SubscriberConfig) GetTLSCertificateFilePath() string {
+	return c.TLSCertificateFilePath
+}
+
+// GetTLSKeyFilePath returns the TLS key file path for SubscriberConfig.
+func (c SubscriberConfig) GetTLSKeyFilePath() string {
+	return c.TLSKeyFilePath
+}
+
+// GetTLSAllowInsecureConnection returns whether to allow insecure TLS connections for SubscriberConfig.
+func (c SubscriberConfig) GetTLSAllowInsecureConnection() bool {
+	return c.TLSAllowInsecureConnection
+}