symbol-bootstrap
Revisit how to renew node certificates
By default, the CA certificate expires after 20 years, but the node/transport certificate expires after 1 year.
Currently, it is possible to remove all of the node's certificates and regenerate them with --upgrade:
mv target/nodes/node/cert backup-cert
symbol-bootstrap start/config -a mainnet -a dual config --upgrade -c custom-preset
But I wouldn't recommend this. Both the CA and node certificates are deleted, and bootstrap may ask for both the node and main private keys (depending on the privateKeySecurityMode).
This issue is to add a command/detection so that bootstrap can regenerate the node certificate without regenerating the CA one. The node private key could be extracted from node.key.pem if required.
Update: the main private key is required when renewing the node certificate. Bootstrap would resolve it from the encrypted addresses.yml or prompt the user, depending on the privateKeySecurityMode.
Bootstrap is to add "close to expiration" detection that can run on --upgrade or on the healthCheck command.
Update 2: It is desired not only to renew the node certificate but also to renew the node/transport private key. The harvesters.dat file would need to be migrated from the old node/transport private key to the new private key. A migration tool needs to be created, ideally a native TS one if doable (like the voting key generator), or a catapult tool.