command/server: add dev-tls flag

[jasonodonnell]

This adds new server subcommands, -dev-tls and -dev-tls-cert-dir, which will generate self-signed CA, server certificate, private key and will configure Vault to use them for TLS. This is helpful if you want to do dev work against a TLS enabled server. The generated certs are valid for 1 year.

During startup, the server will output the location of the CA so you can easily set the VAULT_CACERT environment variable:

[~/vault] vault server -dev-tls
==> Vault server configuration:
...
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variable:

    $ export VAULT_ADDR='https://127.0.0.1:8200'
    $ export VAULT_CACERT='/var/folders/xh/8_phfcd132gfsx4gwbfcnwkm0000gq/T/vault-tls2597705420/vault-ca.pem'
...

Additionally you can specify -dev-tls-cert-dir to configure the directory where the TLS files are created. This will be helpful for guides and automated environments.

[cipherboy]

I really should've batched these comments... :-/

But over all, I really like this and its something I've been wanting to do for a while (I added a tlsvault userscript instead which also has agent capabilities).

Other than the comments above, the one below is the only one I'd really suggest changing unless other people have strong comments. Looks good from a crypto perspective though. :-)

[cipherboy]

Three nits you can ignore if you want, but a reasonable suggestion to avoid duplicate code with the SDK (that'd fix another nit). :-)

[cipherboy]

New cert changes look perfect. :-)

[averche]

A few nit comments, feel free to ignore. Otherwise, the feature looks great and should be super helpful!

[yhyakuna]

Only reviewed the docs file (server.mdx), but looks good to me. Super excited about this feature.