* Add bot field to certificates and various usage events

This adds a new certificate extension field, `teleport-bot`, to
certificates issued to Machine ID bot users that can definitively
identify certificates as having been issued to a bot user.

Additionally, this uses the new `Bot` identity flag to mark certain
usage events as originating from bot users. As such, it includes a
protobuf update from Cloud [1], which pulled in some small additional
(mostly comment) changes.

[1] gravitational/cloud#7060

* Small bot flag plumbing fixes

* Convert bot flag to BotName and UserKind enum

This makes a few changes to the bot tagging approach:
* The bot name is embedded in the cert rather than just true/false
* UserKind is included in events rather than just a bot flag, to
  allow for an unspecified value for older client nodes.

* Add a quick unit test for bot cert extensions

* Fix outdated grpc

* Include bot flag on initial certs

* Log a warning and override user kind for usage records if they differ

* Fix several unit tests; add a bot metadata test case

* Fix unit tests with UserKind zero value

* Rename SSH cert extension to use standard format

Renames the `teleport-bot` extension to `bot-name@goteleport.com`,
to better follow SSH cert extension naming conventions.

* Attempt to improve unspecified userkind aggregating logic

…bot-flag-usage-events

…bot-flag-usage-events