Node TLS certificates used for authenticating gRPC connections should be made totally ephemeral (e.g., regenerated periodically while the node is running) and validity of such certificates should be shortened (e.g., regenerate every X epochs, valid for ~X+1 epochs).
Care needs to be taken to not make the node unreachable until the next epoch transition as currently the other nodes will only update their local cache on an epoch transition.
The transition could look like this:

- Certificate K is in use and registered.
- Epoch X-1: Certificate K' is generated but not yet in use (K is still in use). Node registers {K, K'} as valid certificates.
- Epoch X: Certificate K' is now in use, K is erased. Node registers {K'} as a valid certificate.
This would give enough time for propagating the updated certificate. Care must be taken to properly propagate these changes when using Sentry gRPC nodes.
For dynamically supplying certificates to the gRPC server we can use the `GetCertificate` callback in the `tls.Config` structure.
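The following is an added example of the two-epoch overlap described above, wired into `tls.Config.GetCertificate`; it is not code from the project this issue belongs to. It assumes the node registers certificates by SHA-256 fingerprint of the DER encoding, that `PrepareNext` is invoked at epoch X-1 and `Advance` at epoch X by the node's epoch-transition hook, and that the certificate validity (`validFor`) is set by the caller to roughly one epoch longer than the rotation period so K' outlives the overlap. Names such as `Rotator`, `PrepareNext`, `Advance` and `Registered` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// generateEphemeralCert makes a fresh self-signed certificate and key that is
// valid for validFor. Nothing is written to disk, so the key is truly ephemeral.
func generateEphemeralCert(name string, validFor time.Duration) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    now.Add(-time.Minute), // tolerate small clock skew between nodes
		NotAfter:     now.Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// fingerprint is the value a node would register for a certificate (assumption:
// SHA-256 over the DER encoding).
func fingerprint(c *tls.Certificate) string {
	sum := sha256.Sum256(c.Certificate[0])
	return hex.EncodeToString(sum[:])
}

// Rotator holds the certificate in use (K) and, during the overlap epoch only,
// the pre-announced successor (K').
type Rotator struct {
	mu       sync.RWMutex
	name     string
	validFor time.Duration
	current  *tls.Certificate // K
	next     *tls.Certificate // K', nil outside the overlap epoch
}

func NewRotator(name string, validFor time.Duration) (*Rotator, error) {
	k, err := generateEphemeralCert(name, validFor)
	if err != nil {
		return nil, err
	}
	return &Rotator{name: name, validFor: validFor, current: k}, nil
}

// PrepareNext runs at epoch X-1: generate K' but keep serving with K.
func (r *Rotator) PrepareNext() error {
	next, err := generateEphemeralCert(r.name, r.validFor)
	if err != nil {
		return err
	}
	r.mu.Lock()
	r.next = next
	r.mu.Unlock()
	return nil
}

// Advance runs at epoch X: K' becomes the serving certificate and K is dropped.
// Rotating without a pre-announced K' would make the node unreachable until the
// next epoch transition, so that case is refused rather than silently done.
func (r *Rotator) Advance() error {
	r.mu.Lock()
	defer r.mu.Unlock()
	if r.next == nil {
		return fmt.Errorf("no successor certificate was registered in the previous epoch; refusing to rotate")
	}
	r.current, r.next = r.next, nil
	return nil
}

// Registered returns what the node should register: {K, K'} in the overlap
// epoch, {K'} afterwards. The current certificate is always first.
func (r *Rotator) Registered() []string {
	r.mu.RLock()
	defer r.mu.RUnlock()
	out := []string{fingerprint(r.current)}
	if r.next != nil {
		out = append(out, fingerprint(r.next))
	}
	return out
}

// GetCertificate matches the tls.Config.GetCertificate signature, so every new
// handshake picks up the current certificate without restarting the gRPC server.
func (r *Rotator) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.current, nil
}

// ServerTLSConfig leaves Certificates empty so GetCertificate is the sole source.
func (r *Rotator) ServerTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS13, GetCertificate: r.GetCertificate}
}

func main() {
	r, err := NewRotator("node", 2*time.Hour) // constructed: rotate hourly, valid ~2 epochs
	if err != nil {
		panic(err)
	}
	fmt.Println("epoch X-2 registered:", r.Registered())
	_ = r.PrepareNext()
	fmt.Println("epoch X-1 registered:", r.Registered())
	_ = r.Advance()
	fmt.Println("epoch X   registered:", r.Registered())
	_ = r.ServerTLSConfig()
}
```

The point of `Advance` refusing to run without a prepared successor is the caveat in the issue: peers refresh their cache of valid certificates only at an epoch transition, so a certificate that was never pre-registered would be rejected by every peer until the following epoch.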