Ensure certificates retrieved through the cache get persisted with auto-config

[mkeeler]

When implementing auto-config certificate generation without auto-encrypt I missed a crucial feature which is that certificates for auto-config must be persisted to allow for restarts to function properly after the agent has existed for 3 days. The initial certificates get persisted but I wasn't updating the persisted configuration once new certificates were retrieved.

This PR implements that persistence.

In the near future I am going to be doing more refactoring and merging. The auto-encrypt code will be consumed by the auto-config packages as well as the cert-monitor package. Basically, with this PR I don't love how the persistence has to happen through a series of callbacks. I think with that the conclusion I have come to is that the code in the cert-monitor package really needs to be a part of the auto-config package and subsequently so should the auto-encrypt code currently living on the Client struct. That is a much larger change and more work than would be able to be accomplished before the 1.8.1 release. Outward behavior that a user can observe is correct and will not change even with needing to refactor this to not be quite so bad next week.

[crhino]

I agree that having the fallback and persist callbacks do make the auto-config and cert-monitor packages have some convoluted dependencies on each other, 👍 in favor of refactoring that into a more coherent shape later.

[mkeeler]

I have that refactoring about half way done but ran into now having a dependency on the agent/router.Router or agent/router.Manager so I need to move that into a shared component at the agent level passed down into the server/client. That is going to take more work so I quickly put this together to solve the problem in a less nice way.

[crhino]

LGTM!

[hashicorp-ci]

🍒❌ Cherry pick of commit 1a78cf9 onto release/1.8.x failed! Build Log