security/securitytest: generate test certs at runtime

[pritesh-lahoti]

Backport 1/1 commits from #167398.

/cc @cockroachdb/security

Summary

Backport of #167398 to release-26.2.0-rc. This replaces static, expiring test
certificates with runtime-generated ones, fixing test failures caused by
expired certs. Cherry-picked cleanly with no conflicts.

Epic: none
Release note: None
Release justification: Test fix

[blathers-crl]

Thanks for opening a backport.

Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate. All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate.

[blathers-crl]

Your pull request contains more than 1000 changes. It is strongly encouraged to split big PRs into smaller chunks.

It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR?

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.}

[cockroach-teamcity]

This change is 

[pritesh-lahoti]

/trunk merge

[trunk-io]

This PR's base branch doesn't have a Merge Queue configured, and it's not part of a stack that targets a branch with a Merge Queue. You can still merge it directly without using the Merge Queue.
Branches with merge queues enabled: master, release-24.3, release-24.3.29-rc, release-25.2, release-25.2.15-rc, release-25.2.16-rc, release-25.4, release-25.4.7-rc, release-26.1, release-26.1.2-rc, release-26.2

[pritesh-lahoti]

All CI checks have passed and the PR has been approved. Could someone with admin access merge this? The branch is locked and cannot be merged via the regular merge button or command line.