- Generate Server and Peer cert for etcd
- Generate Client cert for apiserver
- Add flags / hostMounts for etcd static pod
- Add flags / hostMounts for apiserver static pod

- Generate certs on upgrade of static-pods for etcd/kube-apiserver
- Modify logic for appending etcd flags to staticpod to be safer for external etcd

- Place etcd server and peer certs & keys into pki subdir
- Move certs.altName functions to pkiutil + add appendSANstoAltNames()
    Share the append logic for the getAltName functions as suggested by
    @jamiehannaford.
    Move functions/tests to certs/pkiutil as suggested by @luxas.

    Update Bazel BUILD deps

- Warn when an APIServerCertSANs or EtcdCertSANs entry is unusable
- Add MasterConfiguration.EtcdPeerCertSANs
- Move EtcdServerCertSANs and EtcdPeerCertSANs under MasterConfiguration.Etcd

- Fix typos in tests for upgrade phase
- Rename loadCertificateAuthorithy() --> loadCertificateAuthority()
- Disambiguate apiKubeletClientCert & apiEtcdClientCert
- Parameterize hard-coded certs_test config + log tempCertsDir