Doc: Distributed Monitoring: add section "External CA/PKI"

[Al2Klimov]

The following already works:

• Custom key sizes, e.g. 2048 bits
• Custom key types, e.g. ECC
• Multiple trusted root CAs in /var/lib/icinga2/certs/ca.crt
• Different root CAs per cluster subtree, as long as each node trusts the issuers of the certificates of all nodes it's directly connected to
• Any number of intermediate CAs

refs #9798
refs #7323

[Al2Klimov]

FYI @bobapple @widhalmt @tbauriedel

[Al2Klimov]

FWIW, we've already written this under https://icinga.com/solutions/monitoring-and-security/

Secure Communication

(...)

• Create a custom Certificate Authority (CA) or use your existing one

[oxzi]

In general, I am happy with this addition to the docs. There are only two points left (next to my inline comment):

1. Please expand the contracted forms of the words, like "don't" to "do not".
2. This may be optional, but might help. What about actual commands showing how to use an external CA? At the moment, this section is on a very theoretical level. If you say this theoretical approach is enough, I am fine with this as well.

[Al2Klimov]

1. Please expand the contracted forms of the words, like "don't" to "do not".

I could do it, but what for? Also, see e.g: grep -rnFwe "don't" doc

2. This may be optional, but might help. What about actual commands showing how to use an external CA? At the moment, this section is on a very theoretical level.

And that's perfect. We're not responsible for what we don't provide. :-)

If you say this theoretical approach is enough, I am fine with this as well.