Parameterize PKI certs location

[mansishr]

For manual PKI exchange, certificates are stored under 'cert' directory inside workspace by default. This PR decouples the location of certificates from workspace in that the user can now specify certificate path to store certs which can reside outside the workspace.

• For CA, cert_dir can be passed, where all CA certs and keys can reside. To store signing-ca.crt, certificate chain (cert_chain.crt) and signing-ca.key, use cert_pathand key_path to specify locations.
• For both aggregator and collaborator, use cert_path and key_path to store aggregator (or collaborator) certificate and key, respectively.
• Introducing fx workspace participants that let's the CA/aggregator select a subset of certified collaborators for a federation by modifying plan/cols.yaml.

[igor-davidyuk]

What if we allow user to provide paths to certificates and keys? This way we do not implicitly rely on the user certificate folder to replicate our internal structure. For example, we will not expect aggregator private key be in format {CERT_DIR}/server/agg_{common_name}.key

[mansishr]

I tried to keep the certs structure consistent but we can do that too. It would also involve users to provide a path where certs will be stored {CERT_DIR}/agg_{common_name}.key. @psfoley @itrushkin @aleksandr-mokrov what do you think?

[itrushkin]

We should not force users to keep our internal PKI folder structure. I think it is better to split this argument and use paths for each file.

[mansishr]

Added separate paths to certs and keys to not rely on internal PKI folder structure.