
create option to return all certs from signer in SCEP response

Open mishaslavin opened this issue 5 months ago • 0 comments

Creation of a ReturnEntireCertChain option for the SCEP provisioner, which controls whether to use the current default behavior of just returning the leaf cert or to return all certificates that we get from the signer response.

Name of feature: ReturnEntireCertChain

Pain or issue this feature alleviates:

Currently, the SCEP response does not contain the entire intermediate chain that the CA provides in response to the CSR. The CA may return the leaf certificate in addition to intermediate certificates from which it is signed in order to build a chain of trust to the common root which is in both server and client stores.

Why is this important to the project (if not answered above):

Without this feature, clients must have the intermediate certificates manually managed in their trust stores, which introduces failure points for administration and can cause outages during rotations.

Is there documentation on how to use this feature? If so, where?

In what environments or workflows is this feature supported?

In what environments or workflows is this feature explicitly NOT supported (if any)?

Supporting links/other PRs/issues:

💔Thank you!

mishaslavin, Jun 12 '25 23:06