forwarder
mitm: Forwarder should be able to request certificates from an external CA
Forwarder should be able to interact with an external service (such as HashiCorp Vault) to request a certificate / send a certificate signing request.
This certificate / signing request could then be subject to the CA's validity / scope constraints, and sensitive key material kept away from user-facing services.
The successfully generated / signed certificate would be cached by the Forwarder instance.
I agree that makes a lot of sense.
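The flow requested in this issue, as an added example (not forwarder's code and not written by anyone in the thread): the forwarder builds a CSR with a local key, an external signer applies its own scope and validity limits, and the signed leaf is cached per host. `leafFor`, `leafKey` and `testCA` are hypothetical names, and `testCA` is a constructed in-process stand-in for a service such as Vault.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var _, leafKey, _ = ed25519.GenerateKey(rand.Reader) // forwarder-local leaf key, reused per host (assumption)

// leafFor (hypothetical) returns the cached leaf for host, or sends a CSR to the external CA via sign.
func leafFor(cache map[string]*x509.Certificate, sign func(csr []byte) ([]byte, error), host string) (*x509.Certificate, error) {
	if leaf, ok := cache[host]; ok && time.Now().Before(leaf.NotAfter) {
		return leaf, nil // reuse until the expiry the CA chose
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{DNSNames: []string{host}}, leafKey)
	if err != nil {
		return nil, err
	}
	der, err := sign(csr) // only the CSR leaves the process, never a private key
	if err != nil {
		return nil, err // refused or CA unreachable: nothing is cached
	}
	leaf, err := x509.ParseCertificate(der)
	if err == nil {
		cache[host] = leaf
	}
	return leaf, err
}

// testCA is a constructed in-process stand-in for the external CA; it signs only names ending in suffix.
func testCA(suffix string) func([]byte) ([]byte, error) {
	_, caKey, _ := ed25519.GenerateKey(rand.Reader) // in the real design this key exists only inside the CA
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed test CA"}}
	return func(csrDER []byte) ([]byte, error) {
		csr, err := x509.ParseCertificateRequest(csrDER)
		if err != nil || csr.CheckSignature() != nil || len(csr.DNSNames) != 1 || !strings.HasSuffix(csr.DNSNames[0], suffix) {
			return nil, fmt.Errorf("CSR rejected by CA policy")
		}
		now := time.Now() // validity is set here by the CA, not requested by the forwarder
		leaf := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), DNSNames: csr.DNSNames, NotBefore: now, NotAfter: now.Add(10 * time.Minute)}
		return x509.CreateCertificate(rand.Reader, leaf, ca, csr.PublicKey, caKey)
	}
}
func main() { fmt.Println(leafFor(map[string]*x509.Certificate{}, testCA(".example.test"), "api.example.org")) }
```

Because the cache keys on the CA-assigned `NotAfter`, a short CA-side TTL bounds how long a leaf stays usable if the forwarder host is compromised.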