
Feature: implement support multi-server cert requests and deployment

webprofusion-chrisc opened this issue 5 years ago • 0 comments

Currently the app does not provide a single method for certificate requests to be managed and deployed among multiple servers/services, although users can use custom scripting and other techniques to achieve shared certificate deployment.

While the Centralised Certificate Store (CCS) feature of Windows allows shared distribution of a certificate, it does not provide a scenario for custom distribution triggers to non-Windows environments and does not provide a solution for shared challenge response responsibility (where one of multiple servers may be asked to respond to an acme-challenge, e.g. the http challenge response) as part of an overall certificate renewal request.

This is a tracking issue for the broader set of work required to provide a comprehensive solution for both load balanced/web farm scenarios and other certificate sharing scenarios.

Related issues #209, #324, #281, #29

The proposed solution is:

  • Implement basic support for CCS as an option for people already using CCS to distribute certificates
  • Implement a local API/system where one server can be in charge of initiating and completing certificate requests but many servers can participate in challenge response (by asking the master server what the challenge response should be). Enrollment to be controlled by a shared secret. Replacing the shared secret requires updating each client to continue being enrolled.
  • Implement a local API/system allowing local distribution of a new certificate to those requesting clients which can prove possession of the shared secret.
  • Potentially implement a hosted API using a shared key for asset encryption whereby a new certificate can be distributed to entitled services via the API (if the client proves it knows the shared key, the API server will distribute the encrypted asset for the client to decrypt and use).

webprofusion-chrisc, Dec 11 '18 03:12
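The second and third bullets of the proposal describe a local API where one master server owns the ACME order, enrolled peers ask it for the challenge response when they receive an `/.well-known/acme-challenge/<token>` request, and the same peers later fetch the issued certificate after proving possession of the shared secret. The following is an added example sketching that exchange in Python; it is not code from Certify or from the issue author. Every name in it (`MasterServer`, `sign_request`, the `challenge` and `fetch_cert` actions, the secret, token, key authorization and certificate values) is a constructed assumption. It uses HMAC-SHA256 over a nonce, a timestamp and the request body as the proof of possession, rejects replayed nonces and stale timestamps, and never sends the shared secret itself over the wire.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed example values (assumptions, not from the project): the shared
# enrollment secret and the state the master holds for one in-flight renewal.
SHARED_SECRET = b"example-enrollment-secret-change-me"
PENDING_CHALLENGES = {"tokenABC": "tokenABC.thumbprintXYZ"}  # token -> key authorization
ISSUED_CERTS = {"www.example.com": "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"}
MAX_SKEW_SECONDS = 300  # how old a signed request may be before it is refused


def _canonical(nonce, ts, body):
    """Bytes both sides MAC: nonce | timestamp | JSON body with sorted keys."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return f"{nonce}|{ts}|".encode() + encoded


def sign_request(secret, body, now=None):
    """Client side: wrap a request body with a fresh nonce, a timestamp and an HMAC tag."""
    nonce = secrets.token_hex(16)
    ts = int(now if now is not None else time.time())
    mac = hmac.new(secret, _canonical(nonce, ts, body), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "ts": ts, "body": body, "mac": mac}


class MasterServer:
    """The server that initiates and completes the ACME request and answers enrolled peers."""

    def __init__(self, secret, challenges, certs):
        self._secret = secret
        self._challenges = challenges
        self._certs = certs
        self._seen_nonces = set()  # replay protection inside the skew window

    def _authenticate(self, req, now):
        try:
            nonce, ts, body, mac = req["nonce"], int(req["ts"]), req["body"], req["mac"]
        except (KeyError, TypeError, ValueError):
            return False
        expected = hmac.new(self._secret, _canonical(nonce, ts, body), hashlib.sha256).hexdigest()
        # Constant-time comparison so tag checking does not leak by timing.
        if not hmac.compare_digest(expected, mac):
            return False
        if abs(now - ts) > MAX_SKEW_SECONDS or nonce in self._seen_nonces:
            return False
        self._seen_nonces.add(nonce)
        return True

    def handle(self, req, now=None):
        now = int(now if now is not None else time.time())
        if not self._authenticate(req, now):
            return {"status": 401, "error": "not enrolled, stale, or replayed"}
        body = req["body"]
        action = body.get("action")
        if action == "challenge":
            # A peer was asked for /.well-known/acme-challenge/<token> and wants the answer.
            ka = self._challenges.get(body.get("token"))
            return {"status": 200, "key_authorization": ka} if ka else {"status": 404, "error": "unknown token"}
        if action == "fetch_cert":
            # A peer wants the newly issued certificate for local deployment.
            pem = self._certs.get(body.get("domain"))
            return {"status": 200, "certificate": pem} if pem else {"status": 404, "error": "no certificate"}
        return {"status": 400, "error": "unknown action"}


def demo():
    """Run one enrolled lookup, one replay and one wrong-secret attempt; return the statuses."""
    master = MasterServer(SHARED_SECRET, PENDING_CHALLENGES, ISSUED_CERTS)
    req = sign_request(SHARED_SECRET, {"action": "challenge", "token": "tokenABC"})
    first = master.handle(req)["status"]
    replayed = master.handle(req)["status"]
    wrong = master.handle(sign_request(b"not-the-secret", req["body"]))["status"]
    return first, replayed, wrong


if __name__ == "__main__":
    print(demo())
```

Rotating the shared secret here means every peer has to be re-enrolled with the new value, which is exactly the operational cost the proposal calls out; the nonce set is kept in memory only for illustration and would need to be bounded to the skew window in a real service.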