feat: add optional TLS support for MQTT connections

[jviets]

Summary

Adds optional TLS support for MQTT connections, enabling secure communication with brokers that require TLS (e.g., HiveMQ Cloud on port 8883).

Changes

• TLS client support: Add WiFiClientSecure alongside WiFiClient for runtime selection based on config
• MQTT_TLS config variable: New boolean in Globals.h/cpp, persisted in DoNotTouch.json
• Web UI toggle: TLS checkbox in the MQTT settings section
• Deferred HAMqtt init: Move HAMqtt construction from global scope to MQTTManager::setup() to allow runtime client selection (secure vs plain)
• Null-safety: Add mqttPtr null checks in publish(), rawPublish(), tick(), beginPublish(), writePayload(), endPublish() to prevent crash if MQTT methods are called before setup()
• Upload speed: Reduce default upload_speed to 115200 for more reliable serial flashing

Usage

1. In the AWTRIX web UI, go to MQTT settings
2. Enable the TLS checkbox
3. Set port to 8883 (or your broker's TLS port)
4. Save and restart

Uses setInsecure() mode (no certificate verification) to keep flash size minimal while still encrypting the connection.

Testing

• Tested with HiveMQ Cloud (TLS on port 8883) — connects and receives messages
• Tested without TLS — backwards compatible, no behavior change
• Verified no crash on boot when MQTT is not configured (null-safety checks)

[eku]

If this ever get accepted by @Blueforcer I would suggest to make this also a compile time option. Flash and RAM are limited and a compile time option allows to remove any unused functionality from firmware image. Most of us do not need TLS in private IoT networks.

[jviets]

Hey @eku, fair enough! I implemented this for my specific use case and have successfully compiled, flashed, and deployed it on my device. I'm simply offering this PR in case it benefits the project.