Configurable expire dates on certificates

[anton-johansson]

Currently all certificates expire 5 years after creation.

Do we want to utilize a parameter for this value? Also, maybe a separate parameter specifically for the common authority certificates for kube-apiserver and etcd, maybe also with a bit longer default?

Maybe also have another parameter for forcing recreation of common authorities, regenerate_ca_certificates=True (in additionl to regenerate_certificates).

When the time comes to renew certificates (common authorities specifically) it would be nice with a zero-downtime routine. I'll see if I can try to test this routine (as soon as I have time). If it only means downtime for state updates (such as Ingress controller config and node updates and similar), I think it's OK. As long as traffic are still routed properly to the containers.

[amimof]

PR #63 fixes this. It adds the certificate_expiry variable but regenerate_certificates variable is unchanged for now.