Ledger secrets rotation/re-keying online

[achamayou]

It should be possible to rotate ledger secrets (which are at the moment the same as network secrets) without executing a full recovery process. This is necessary to enable key-shares, as described in the TR, as opposed to the current sealing key approach.

[jumaffre]

Tasks identified so far to get this working:

• Split network secrets into network identity and ledger key. At the moment, all secrets are updated in one go during recovery but re-keying should only affect the ledger key sd.
• Figure out a way to be resilient to elections. The new ledger key needs to be written to the ledger, encrypted under a key shared between the current leader (and not the leader that the follower joined) and the followers -> Create a new node key-pair for encryption purposes.
• Create a new member RPC to trigger re-keying (possibly taking an optional KV index argument to re-key from?).
• Refactor nodestate.h codes that deals with writing to the ccf.secrets table so that it is available as a generic utility.

[achamayou]

Guaranteeing that transactions happen at a given index is going to be difficult, it's probably much easier and equally usable to return from what index the re-keying applies once it's done instead.

[achamayou]

Also, wrt point 3, the leader id gets written in the KV on each signature.