support certgen in rama-cli

[GlenDC]

• generate server / client certs
• fully self-signed, or by passing it a root (CA)
• via cli opts and asking input where missing

to be used as rama certgen ...
e.g. rama certgen --out /tmp/localhost.crt --key-out /tmp/localhost.key

To make this work a public API will also need to be made available in rama-tls, to expose generating
certs in a friendly manner, as that's currently only accessible by those services.

[NOOMA-42]

I'm interested in this. Could you assign me?

[GlenDC]

Hi @NOOMA-42 normally I would say yes. However a week or two I have realised that the current tls support in Rama needs a complete rework, as it currently has serious limitations and a lot of awkwardness in its UX due to its flawed design.

The gist of it will be that I'm dropping the entire one TLS API to rule them all and instead have rustls and boring live in their own modules or crates isolated from one another. With our core focus on boring.

This will be something for 0.3 however and so until then I think it's better to have a freeze on smaller tls issues like this.

Sorry for the confusion though, didn't update these tls issues after I made this decision a week or two ago.

Feel free to pick something else up though. Or if you don't find something do talk to me on discord, do got some other things in mind that can be done.