[SECURESIGN-1465] Enable customer provided cert for Fulcio

[fghanmi]

Changes in this PR:

• Accept user-provided certificate/private key (if not, generate automatically Fulcio root - as before)
• Allow the configuration of the Certificate attributes {organization_name, organization_email, common_name}

[bkabrda]

Thanks for the PR, I think this works really well, except some scenarios with cert/key changes that I think would not be covered right now. Specifically, in the certificates.yml file:

• The whole Create Fulcio root block is only ran if one of the files is missing on the managed node. We can no longer do this, as we have to expect the user to e.g. first let the role generate key automatically and then later provide their own cert or change the settings somehow (or rotate their provided cert etc). I think this will be tricky to handle but we have to do it and consider all scenarios when user changes from one way of doing something to another way.
• The same applies to the Create Fulcio public key task, which would now only run when the public key file doesn't exist (because of the creates).
• Same for Create self-signed Fulcio root from CSR.
• I think the Create certificate signing request (CSR) for Fulcio root certificate with your changes will run every time and generate a different cert, which is not what we want.

I know this is going to be tedious, but we have to switch from the "do these things" mindset here to "ensure the files are in the desired state". Let me know if you need any help.