chore: add rabbitmq cert secret script and plugins configmap

- add rabbitmq-certs-secret.sh helper to create the server cert secret
  - add rabbitmq-plugins-config.yaml ConfigMap enabling ssl auth, management,
    prometheus, and web dispatch plugins
  - rename rabbitmq Deployment from `eventrt-rabbitmq` to `rabbitmq`
  - document the secret-creation script in deploy.md

deploy/deploy.md

@@ -640,6 +640,12 @@ openssl x509 -in eventrt_client_cert.pem -noout -subject
 
 将服务器端三个证书文件打包为 K8s Secret（在证书文件所在目录执行）：
 
+```bash
+sh deploy/k8s/rabbitmq-certs-secret.sh
+```
+
+该脚本等价于：
+
 ```bash
 kubectl create secret generic rabbitmq-certs \
   --from-file=ca_certificate.pem=./ca_certificate.pem \

deploy/k8s/rabbitmq-certs-secret.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+# Create the rabbitmq server certificate secret.
+# Run this script from the directory that contains the three cert files,
+# or adjust the paths below to point at the actual files.
+#
+# Expected files (generated during RabbitMQ TLS setup):
+#   ca_certificate.pem
+#   server_certificate.pem
+#   server_key.pem
+
+kubectl create secret generic rabbitmq-certs \
+  --from-file=ca_certificate.pem=./ca_certificate.pem \
+  --from-file=server_certificate.pem=./server_certificate.pem \
+  --from-file=server_key.pem=./server_key.pem

deploy/k8s/rabbitmq-deployment.yaml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: eventrt-rabbitmq
+  name: rabbitmq
 spec:
   replicas: 1
   selector:

deploy/k8s/rabbitmq-plugins-config.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rabbit-plugins-conf
+data:
+  enabled_plugins: |
+    [rabbitmq_auth_mechanism_ssl, rabbitmq_management, rabbitmq_management_agent, rabbitmq_prometheus, rabbitmq_web_dispatch].