feat(pd): allow use of staging api for letsencrypt

[conorsch]

Closes #3681.

To test, I provisioned a machine on with DNS on a test domain (to reduce side-effects in case it was broken, and the requested domain got ratelimited):

❯ curl -I https://cert-1.plinfra.net
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

❯ curl -I https://cert-1.plinfra.net -k
HTTP/2 200 
grpc-status: 12
content-type: application/grpc
content-length: 0
date: Tue, 30 Jan 2024 18:11:46 GMT

I also confirmed that when run as a normal user, the bind to 443 fails with an error message:

2024-01-30T18:21:24.968644Z  INFO pd: starting pd abci_bind=127.0.0.1:26658 grpc_bind=0.0.0.0:443 grpc_auto_https=Some("cert-1.plinfra.net") metrics_bind=127.0.0.1:9000 cometbft_addr=http://127.0.0.1:26657/ enable_expensive_rpc=false
2024-01-30T18:21:24.968852Z DEBUG penumbra_app::app: initializing App instance
2024-01-30T18:21:24.968873Z DEBUG penumbra_app::app: initializing App instance
2024-01-30T18:21:24.968965Z  INFO tower_abci::v037::server: ABCI server starting on tcp socket addr=127.0.0.1:26658
2024-01-30T18:21:24.978605Z DEBUG acme_worker: pd::auto_https: received acme event: AccountCacheStore
2024-01-30T18:21:24.979077Z ERROR pd: grpc server on 0.0.0.0:443 failed: Permission denied (os error 13)
Error: grpc server on 0.0.0.0:443 failed: Permission denied (os error 13)

That logic hasn't changed in this PR, but the new output validates that #3555 is working as expected.

[cratelyn]

clean! 🧼