Add cert_handler library

[lucabello]

Issue

This PR addresses the issue of implementing TLS between the components of the cos-lite bundle.

Solution

The cert_manager.py library is a convenient wrapper around the tls_certificates library. It allows integrating TLS in charms quite smoothly.

Testing Instructions

Use this library to obtain a certificate in a charm and try to use it.

[lucabello]

Currently the main point of contention is if the cert_manager.py library should have a lib dependency on tls_certificates or not.

It has been mentioned that since the dependency is only on our charms side, an import guard could suffice as the final implementation would be cleaner. This is the approach that's currently implemented in this PR.

Illustrating both scenarios in terms of charm integration:

• no library dependency: the charm needs to pass all the relevant tls_certificates functions to CertManager and observe its custom events on its own; the charm would contain something like this:

  import charms.tls_certificates_interface.v2.tls_certificate
  import charms.observability_libs.v0.cert_manager
  
  self.certificates = tls_certificates.TLSCertificatesRequiresV2(self, "certificates")
  
  self.cert_manager = CertManager(self,
  private_key_password=b"password",
  generate_private_key=tls_certificates.generate_key,
  generate_csr=tls_certificates.generate_csr,
  request_certificate_creation=tls_certificates.request_certificate_creation,
  request_certificate_renewal=tls_certificates.request_certificate_renewal
  )
  
  self.framework.observe(self.on.certificates_relation_joined, self.cert_manager._on_certificates_relation_joined)
  self.framework.observe(self.certificates.on.certificate_available, self.cert_manager._on_certificate_available)
  self.framework.observe(self.certificates.on.certificate_expiring, self.cert_manager._on_certificate_expiring)
  self.framework.observe(self.certificates.on.certificate_invalidated, self.cert_manager._on_certificate_invalidated)
  self.framework.observe(self.certificates.on.all_certificates_invalidated, self.cert_manager._on_all_certificates_invalidated)

• with library dependency: this scenario is much simpler as the charm can delegate everything to the library:

  import charms.observability_libs.v0.cert_manager
  
  self.cert_manager = CertManager(self,
  private_key_password=b"password"
  )

[lucabello]

Another useful feature to include in this library, I think, is to include saving the certificate to file once it's obtained, instead of only having it in peer relation (possibly by passing a folder path to the CertManager object itself, or having a good default).

This way a charm only needs to worry about using the certificate.

What do you think about it?