Is your feature request related to a problem?
By design Kubernetes assumes all newly created certificates have expiration time set to 1 year. There is really no automatic way to overcome that and modify expiration time.
Describe the solution you'd like
This issue is already fixed and implemented in task #1302 and we would like to backport it to 0.6.x and test it.
Recommended tests:
single machine, single-master and HA installations
parameter values: renew: true, renew: false with different periods, including default
new installations using running epicli apply for the second time after changing parameters
Describe alternatives you've considered
It's possible to renew certs by kubeadm manually: kubeadm alpha certs renew apiserver, but we don't want to do it manually
kubeadm alpha certs renew apiserver
Additional context
These changes can be modified to work without openssl_* modules, with shell.
mkyc changed the title from [BACKPORT] Ability to use "long lasting" Kubernetes certificates - backport to 0.6.x to [BACKPORT] Ability to use "long lasting" Kubernetes certificates - 0.6.x backport on Sep 17, 2020
Tested:
✅ single machine
✅ single master + nodes
✅ HA installation
✅ parameter values: renew: true, renew: false
✅ different expiration_days, including default, custom and maximum (24855 days ~ 68 years)
✅ running epicli apply for the second time after changing parameters
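One way to confirm on a control-plane node that a chosen expiration_days value actually took effect, as in the test matrix above, is to read the notAfter date of each certificate. This is an added example, not code from the issue or from epicli; it assumes openssl and GNU date are installed and that certificates sit in kubeadm's default /etc/kubernetes/pki layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Epiphany/epicli code): report the validity left on the
# certificates in a kubeadm PKI directory, to confirm expiration_days took effect.
# Assumptions: openssl and GNU date are installed; /etc/kubernetes/pki is the
# kubeadm default layout (*.crt plus etcd/*.crt). Client certificates embedded
# in kubeconfig files such as admin.conf are not covered here.

# days_left CERT: print whole days until notAfter (negative once expired).
days_left() {
  dl_end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 2
  dl_epoch=$(date -u -d "${dl_end#notAfter=}" +%s) || return 2
  echo $(( (dl_epoch - $(date -u +%s)) / 86400 ))
}

# audit_pki DIR MIN_DAYS: one line per certificate.
# Returns 0 if all have at least MIN_DAYS left, 1 if any needs renewal or
# cannot be parsed, 2 if no certificate was found (so an empty path never passes).
audit_pki() {
  ap_rc=0; ap_seen=0
  for ap_crt in "$1"/*.crt "$1"/etcd/*.crt; do
    [ -f "$ap_crt" ] || continue
    ap_seen=1
    if ! ap_days=$(days_left "$ap_crt"); then
      echo "UNREADABLE $ap_crt"; ap_rc=1
    elif [ "$ap_days" -lt "$2" ]; then
      echo "RENEW $ap_days $ap_crt"; ap_rc=1
    else
      echo "OK $ap_days $ap_crt"
    fi
  done
  [ "$ap_seen" -eq 1 ] || { echo "NO-CERTS $1"; return 2; }
  return "$ap_rc"
}

# Usage: sh check-certs.sh /etc/kubernetes/pki 30
if [ "$#" -ge 1 ]; then
  audit_pki "$1" "${2:-30}"
fi
```

A non-zero exit status makes the script usable as a monitoring probe or as a post-apply verification step.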