[FEAT] Expose PGPSigning service to applications #1128

Open
MorningLightMountain713 opened this issue Oct 22, 2023 · 1 comment
Labels
enhancement New feature or request

MorningLightMountain713 commented Oct 22, 2023

For applications, currently, it's impossible to bootstrap db / config from another node (securely). It has to be done from an outside source. This is because an application on one node is unable to verify the identity of another application on another node.

Ideally, it should be possible to seed an application externally; once that is done, a seeded node can then be used to seed new nodes with no external intervention.

With the new PGP keys that get created, each node now has its own verifiable identity.

I propose exposing a service in the internal docker network only, whereby an application can call an endpoint in their private /24 network, say /pgp/sign (either querystring or POST), with a small message, and the host will respond with a signature.

In order for this to be per app, the host would insert the appname into the message before signing.

This would allow for app developers to build the following workflow:

{App state is already configured from external source}
1/ New app node is spun up.
2/ Looks up other nodes ip addresses.
3/ Contacts other node asking for config.
4/ Other node offers challenge - random bytes to sign.
5/ New app node calls internal signing service.
6/ Host uses PGP private key to sign message and sends sig to app.
7/ New app node returns signature.
8/ Other node looks up GPG pubkey via api.
9/ Other node validates signature (and received in timely manner).
10/ Other node confirms new node identity.
11/ Other node provides New app node bootstrap config.

You would probably do the above both ways, i.e. both nodes validate each other.
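
The challenge-response workflow above, as an added sketch that is not part of the issue or the project's code. Ed25519 keys from Node's built-in `crypto` module stand in for the node's PGP key; the function names, the newline-delimited appname prefix and the 30-second freshness window are assumptions.

```javascript
// Added example. Ed25519 (node:crypto) stands in for the host's PGP key.
const crypto = require('crypto');

const MAX_AGE_MS = 30_000; // assumed freshness window for step 9

// Message that is actually signed: "<appName>\n<challenge bytes>".
// Rejecting "\n" in the name keeps the app/message boundary unambiguous.
function bindPayload(appName, message) {
  if (!appName || appName.includes('\n')) throw new Error('invalid app name');
  return Buffer.concat([Buffer.from(`${appName}\n`), message]);
}

// Host side (steps 5-6). appName must come from what the host knows about
// the caller (assumed: its docker network), never from the request body.
function hostSign(hostPrivateKey, appName, message) {
  return crypto.sign(null, bindPayload(appName, message), hostPrivateKey);
}

// Verifying node (step 4): random challenge plus issue time.
function newChallenge(now = Date.now()) {
  return { nonce: crypto.randomBytes(32), issuedAt: now, used: false };
}

// Verifying node (steps 8-10): single use, timely, signed for this app.
function verifyResponse(challenge, signature, peerPublicKey, appName, now = Date.now()) {
  if (challenge.used) return 'replayed';
  challenge.used = true;
  if (now - challenge.issuedAt > MAX_AGE_MS) return 'expired';
  const payload = bindPayload(appName, challenge.nonce);
  return crypto.verify(null, payload, peerPublicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed run: one host key, fixed clock values.
function demo() {
  const host = crypto.generateKeyPairSync('ed25519');
  const t0 = 1_700_000_000_000;
  const attempt = (signAs, delayMs) => {
    const c = newChallenge(t0);
    const sig = hostSign(host.privateKey, signAs, c.nonce);
    const first = verifyResponse(c, sig, host.publicKey, 'myapp', t0 + delayMs);
    return [first, verifyResponse(c, sig, host.publicKey, 'myapp', t0 + delayMs)];
  };
  return {
    valid: attempt('myapp', 1000),          // second use of the challenge is a replay
    crossApp: attempt('otherapp', 1000)[0], // signature obtained by another app on the host
    late: attempt('myapp', MAX_AGE_MS + 1)[0],
  };
}
```

Because the host prefixes the appname itself, a signature obtained by one app on a node does not verify as another app's response, which is what makes the shared node key usable per app.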

@MorningLightMountain713

See #1212
