NSOF-9189 certificates: support configuring BYO certificates BYO certificates are CA certificates the admin configures and can be used in AAC rules in order to validate that the user has a device certificate signed by those CAs. In our API certificates are managed via our v1/certificates endpoints. Originally only "managed" certificates were supported, which means the caller provided a list of SANs and the service would create and manage respective certificates used by the service. With the introduction of AAC the certificates API was extended to support providing BYO CA certificates. Add a "certificate" string field - which is mutually exclusive with the "sans" field - to allow providing a certificate in PEM format. For implementation simplicity, two shortcuts are taken: - the certificate field uses a "ForceNew" attribute, which means the certificate cannot be changed on an existing object. This means that for now, if an AAC rule points to an existing certificate, and that certificate PEM needs to be changed, the AAC rule needs to be changed as well. - no support for BYO certificates in the certificate data source