Update safely a certificate pool with GetConfigForClient

[maraino]

The SDK does not remove the old roots as it's not possible to safely change the RootCAs/ClientCAs directly on the tls.Config. But tls.Config method GetConfigForClient allows to get a custom tls.Config after a ClientHello. More information:
https://tip.golang.org/pkg/crypto/tls/#Config.GetConfigForClient
https://diogomonica.com/2017/01/11/hitless-tls-certificate-rotation-in-go/

[maraino]

We can do this safely for a server but not for a client.
Waiting for golang/go#22836 to be implemented

[dopey]

In v0.8.3 we released features that enabled root rotation and CA cross federation. In v0.8.4 we're releasing enhancements that allow clients and servers in the Golang SDK to automatically update the Root and Client CA Certificates in their TLSConfig when they renew their Certificates with the step Certificate Authority. Clients and Servers running the updated version will continuously stay up to date with Root and Federation changes applied in the step CA.