Add ability to manual specify a server-cert

[barrymars]

Changes proposed in this PR:

• Adds the ability to manually specify a secret containing a pre-generated server-cert.

-This coupled with the autoEncrypt feature, removes the need for the tls-init job and so can be run in a gitops way without having to rely on helm hooks etc.

How I've tested this PR:
Used to deploy consul into both local 'kind' cluster and AWS EKS cluster.

Checklist:

• Bats tests added
• CHANGELOG entry added (HashiCorp engineers only, community PRs should not add a changelog entry)

[hashicorp-cla]

All committers have signed the CLA.

[david-yu]

Hi @barrymars out of curiosity are you potentially using Vault for minting your server certs? How do you envision rotating them? We are looking into further integrations with Vault to support retrieving server certs from Vault for TLS.

[barrymars]

we're actually moving away from vault in favour of AWS secrets manager.

hadn't got as far as working out certificate rotation, still at the proof of concept stage

[ishustava]

Looking good, thanks for making this change!

With server cert provided, I think we also need to disable tls-init and tls-init-cleanup jobs.

[barrymars]

good call @ishustava

I am using the helm chart via Tanka (which doesn't support hooks), so hadn't thought of that

I've also added a sanity check so that if setting serverCert you have to have caCert set too

[ishustava]

Looks good! Thanks so much for this contribution!

[ndhanushkodi]

Looks good to me and @sadjamz!