Use polling to watch certificate paths

It's common for certificates to be rotated using symlinks and `FileSystemWatcher` doesn't resolve symlinks.  Use polling, which does, but only for certificates since it has a CPU cost.

Fixes dotnet#32351

Author: amcasey

src/Servers/Kestrel/Core/src/Internal/CertificatePathWatcher.cs

@@ -29,9 +29,15 @@ internal sealed partial class CertificatePathWatcher : IDisposable
 
     public CertificatePathWatcher(IHostEnvironment hostEnvironment, ILogger<CertificatePathWatcher> logger)
         : this(
-              hostEnvironment.ContentRootPath,
-              logger,
-              dir => Directory.Exists(dir) ? new PhysicalFileProvider(dir, ExclusionFilters.None) : null)
+            hostEnvironment.ContentRootPath,
+            logger,
+            dir => Directory.Exists(dir)
+                ? new PhysicalFileProvider(dir, ExclusionFilters.None)
+                {
+                    UseActivePolling = true,
+                    UsePollingFileWatcher = true,
+                }
+                : null)
     {
     }
 

src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs

@@ -894,7 +894,7 @@ public async Task CertificateChangedOnDisk(bool reloadOnChange)
 
             if (reloadOnChange)
             {
-                await fileTcs.Task.DefaultTimeout();
+                await fileTcs.Task.TimeoutAfter(TimeSpan.FromSeconds(10)); // Needs to be meaningfully longer than the polling period - 4 seconds
             }
             else
             {