How to get ECK APM to work with any type of agent at all!?!

What do you mean "What TLS key file"? Here is the required TLS cert and key files at the APM server (as shared by your colleague APM agent TLS communication | APM User Guide [8.9] | Elastic)

The screenshot you shared is of the APM Integration policy editor. As I mentioned in the other topic, the APM Integration is not relevant when you're using the ApmServer ECK object kind. On the APM agent TLS communication | APM User Guide [8.11] | Elastic page, the bits about SSL/TLS input settings are only relevant when using the Elastic Agent & Fleet Server to manage APM. So just ignore that, ECK has configured your APM Server with TLS.

What's the use case of each? Any documentation for that!?!

See TLS certificates | Elastic Cloud on Kubernetes [2.10] | Elastic

"The public certificate is stored in a secret named -[es|kb|apm|ent|agent]-http-certs-public."

See also the script I shared above.

Mounted the public apm http cert in my app but to no avail!

Can you please share the deployment/pod spec for your application? I will also try to put together a more complete example tomorrow, including an application instrumented with an APM agent.