Renew node certificate proposal #2924

Merged
merged 148 commits into from
Oct 28, 2021


jumaffre
Contributor

@jumaffre jumaffre commented Aug 27, 2021

Part of #2893

WIP Now ready for review

This PR adds a new proposal action set_node_certificate_validity (and associated set_all_nodes_certificate_validity) to renew the certificate of a node.

The changes mostly concern:

  • The OpenSSL functions to manipulate time (see x509_time.h)
  • The certificate crypto API: caller can now specify a valid_from and valid_to string when creating a certificate
  • New CLI arguments to cchost (passed to the enclave, with one recorded in the service configuration table)
  • New JavaScript proposal actions
  • End-to-end testing. In particular, the infra remembers the validity period for a certificate so that the expected certificate validity period can be verified in the full_test_suite.

TODO:

  • Changelog
  • Docs
  • Remove hardcoded node certificate validity period and use host time on node creation instead
  • Add test for service certificate
  • Agree on strategy for initial validity period for joining nodes
  • Add validity_period_days parameter to transition_node_to_trusted proposal
  • Tighten end-to-end tests
  • Figure out strategy for adding fields to KV table and backwards compatibility
  • Local hook -> global hook to certificate refresh (follow-up PR, as requires extra refactoring)

Julien Maffre and others added 30 commits July 9, 2021 15:10
@jumaffre
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 4 pipeline(s).

@jumaffre
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 4 pipeline(s).

@jumaffre jumaffre merged commit e34f4bb into microsoft:main Oct 28, 2021
3 participants