fix(http-client): reuse http.Transport to prevent ephemeral port exhaustion

[sk4mi]

Use a process-level cache of http.Client instances keyed by TLS config and timeout. This ensures connection pooling across reconcile cycles, preventing TCP connection leaks that exhaust the ephemeral port range.

• Cache http.Client/Transport in a package-level sync.Map keyed by SHA-256 of TLS config + timeout
• Fix response.Body.Close() ordering with defer to prevent leaks if io.ReadAll() fails
• All TLS configurations (plain, InsecureSkipVerify, custom CA/certs) are cached uniformly

Description of your changes

This PR fixes ephemeral TCP port exhaustion caused by creating a new http.Client and http.Transport on every SendRequest() call. Since NewClient() is called per-reconcile via Connect(), any per-instance state is destroyed each cycle, so transports were never reused — leaving idle connections in TCP TIME_WAIT until the entire ephemeral port range was exhausted.

What changed:

• Introduced a process-level sync.Map cache (httpClientCache) that stores http.Client instances keyed by a SHA-256 hash of their TLS configuration + timeout. This ensures transport reuse across reconcile cycles for all connection types (plain HTTP, InsecureSkipVerify, custom CA bundles, client certificates).
• Fixed response.Body.Close() to use defer immediately after the response is received, preventing body/connection leaks if io.ReadAll() fails.

Reviewers should note:

• The cache is intentionally unbounded — in practice, the number of distinct TLS config + timeout combinations is very small (typically 1-3). Adding eviction would add complexity with no real benefit.
• LoadOrStore is used instead of Load/Store to handle the race where two goroutines create clients for the same key simultaneously — only one wins, the other is discarded.
• The Client interface and all external behavior are unchanged. This is a purely internal optimization.

Production context: This was observed on a production cluster where a single provider-http pod accumulated 28,280 open sockets, exhausting the Linux ephemeral port range (32768-60999) and causing dial tcp: connect: cannot assign requested address errors at ~16/min.

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

The fix was validated at multiple levels:

Unit tests (new):

• TestHTTPClientCacheReuse: Two separate client instances (simulating consecutive reconcile cycles) with identical TLS config receive the same cached http.Client from the process-level sync.Map, confirming cross-reconcile transport reuse.
• TestTransportReuse: Sends 50 sequential HTTP requests through a single client instance and verifies all succeed — proving connection reuse and no port leak under sustained load.

Existing tests (unchanged, all pass):

• TestSendRequest covers GET, POST, custom headers, auth token, InsecureSkipVerify, and invalid TLS — all go through the new cache path.
• TestSendRequestIntegration performs end-to-end requests against httptest.NewTLSServer with real TLS handshakes.
• TestHTTPClientConfiguration confirms timeout propagation and proxy settings are preserved on cached clients.
• TestBuildTLSConfig (10 sub-tests) validates all TLS config permutations (nil, empty, CA bundle, client certs, InsecureSkipVerify).

CI gate:

• make reviewable test passes (golangci-lint, go vet, all project tests).