Implement certificate generator

[kate-osborn]

Parent ticket: #292

The communication channel between the agent and control plane must be secure by default (TLS). Rather than providing a long-lived self-signed certificate for development and testing purposes, provide a Kubernetes Job that generates the control plane's keypair, certificate, and the CA bundle. Look into using the Kubernetes Certificate Signing Requests.

A/C:

• During install, a Kubernetes Job is created that generates the control plane's keypair, certificate, and CA bundle and writes them to Kubernetes Secrets.
• The CA bundle is mounted to the agent's Pod as a volume, and the path to the bundle is specified in the agent's configuration file or via command line flags.
• The control plane's keypair and certificate are mounted to the control plane's Pod, and the path is provided to the control plane via a command line flag.
• The control plane can handle certificate rotation without having to restart.
• A ticket has been filed against the agent to handle CA certificate rotation.

Aha! Link: https://nginx.aha.io/features/NKG-39