Add TLS support

[matt-bathyscope]

This PR adds support for TLS in nginx using a self-signed certificate that's unique to each robot, along with additional changes needed for other components to work when TLS is enabled.

• Moves the nginx config to /etc/blueos/nginx/ instead of the current tools path in the container so we have persistence.
• Updates the bootstrap container's version-chooser reachability check to accept the self-signed cert so it doesn't kill the core container.
• Adds a checkbox to the vehicle configuration wizard to enable the TLS feature.
• Generates a certificate (when needed) that includes the alternate hostname(s) and IPs for the robot. This feature shells out to openssl to do the crypto operations, but attempts to mitigate any command injection risk by escaping parameters (like hostname) with the shlex.quote function. The cert and key files are stored alongside the nginx config.
• There are two "template" nginx configs, one with TLS and one without, that are shipped with the core. The code moves the correct one into place depending on whether or not TLS should be enabled.

How to test this

1. Manually choose the TLS-aware bootstrap and core images from CI (or from the correct tag on DockerHub)
2. Re-run the vehicle setup wizard
3. Check the Enable TLS box on the Customize step
4. Complete the wizard
5. Navigate to https://<your robot hostname>
6. Accept the cert warning
7. You should have TLS now

[CLAassistant]

All committers have signed the CLA.

[patrickelectric]

Hi @matt-bathyscope can you sign the CLA ?