Venafi / vault-pki-monitor-venafi

Venafi PKI Monitoring Secrets Engine for HashiCorp Vault that enforces security policy and provides certificate visibility to the enterprise.
Mozilla Public License 2.0

Add "venafi_credential" resource for automating TPP token request/refresh #60

Closed rvelaVenafi closed 3 years ago

rvelaVenafi commented 3 years ago

BUSINESS PROBLEM Allow the Venafi vault monitor to self-manage its access to Trust Protection Platform via token authentication where initialization begins with either username/password, client certificate, or refresh token.

PROPOSED SOLUTION venafi_credential Resource

Arguments (input):

Attributes (output):

On issue/{role}:

  1. if expiration is set
    1. if expiration > now - refresh_window and
      1. refresh_token is set, then get new token(s) by calling POST /vedauth/authorize/token
      2. username & password are set, then get new token(s) by calling POST /vedauth/authorize
    2. else do nothing
  2. else (expiration is not set) and
    1. username & password are set, then get new token(s) by calling POST /vedauth/authorize
    2. refresh_token is set, then get new token(s) by calling POST /vedauth/authorize/token

CURRENT ALTERNATIVES Use VCert CLI getcred or direct REST API /vedauth calls to get an access_token which can then be used directly by the venafi_policy resource.