new role to generate self-signed certificates

[NavidSassan]

Use case 1 - Standalone server:

• CA is generated
• Certificate for hostname --long will be generated. Subject Alternative Names: hostname, localhost, 127.0.0.1, (primary IP?)

Use case 2 - Shared CA for a vDC. CA files live on an infrastructure/CA VM 'infra-vm'

• CA is created on 'infra-vm' ca_host_delegate_to: 'infra-vm'
• Use CA to create the certificates and import it into the target VM's CA trust store

Variables:

• path
• CN, SAN
• extensions
• algorithms
• key size

The role must accept injections from other roles, e.g. MariaDB. Caution: MariaDB Standalone can hold a MariaDB CA, but MariaDB Galera clusters require a shared CA.

[NavidSassan]

maybe with https://smallstep.com/certificates/index.html?