ibm-cloud-architecture / terraform-openshift4-aws

OpenShift 4 installation automation asset
Apache License 2.0

Use `tls_public_key` data source instead of `tls_private_key` resource #36

Closed jheinnic closed 3 years ago

jheinnic commented 4 years ago

The tls module's tls_private_key resource is currently used to create a private SSH key before running the OpenShift installer. That key's public counterpart is extracted and attached to the Openshift configuration file to enable the key to be usable for logging in to cluster nodes for troubleshooting purposes if needed.

Documentation for tls_private_key, found here, includes a highlighted "important security notice" that advises against using this facility in production systems. The given reason is that it stores the generated key in its state file, and does so without encryption.

The public key data source, in contrast, is given access to a private key that pre-existed and therefore is not making a reference to a private key that independently existed before Terraform was asked to do anything at all. There is also no security warning on the public key data source's documentation page, here.

For users of this tool trying to debug issues that interfere with the deployment completing successfully, being asked to bring an SSH keyfile to register for remote access is a much easier workflow to commit to than is searching for the primary key embedded in a large state file. This second merit may be a subjective bit of personal preference, but the security concern would seem to be pretty clear cut as far as reasons go.
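The two configurations the issue contrasts, side by side, as an added example that is not code from this repository; the variable name, resource labels and the `locals` wiring are assumptions, while `tls_private_key`, `tls_public_key`, `private_key_pem` and `public_key_openssh` are the hashicorp/tls provider's own names:

```hcl
# Before: Terraform generates the key pair itself. The private half is written
# to terraform.tfstate in plaintext, which is what the provider docs warn about.
resource "tls_private_key" "installer" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# After: the operator brings a key that already exists; Terraform only derives
# the public half from it. (Variable name is an assumption for this example.)
variable "ssh_private_key_path" {
  description = "Path to a pre-existing SSH private key in PEM format"
  type        = string
}

data "tls_public_key" "installer" {
  private_key_pem = file(var.ssh_private_key_path)
}

# Whatever consumes the key (e.g. the sshKey field of the OpenShift install
# config) reads the same attribute name in both variants, so only the source
# of the public key line changes, not the rest of the module.
locals {
  # Before:
  # ssh_public_key = tls_private_key.installer.public_key_openssh
  # After:
  ssh_public_key = data.tls_public_key.installer.public_key_openssh
}
```

One caveat a reviewer would raise: data source arguments are also persisted in state, so `private_key_pem` still lands in terraform.tfstate with this variant, marked sensitive but not encrypted. If the only thing the module needs is the public key line, reading the `.pub` file directly (for example `trimspace(file(var.ssh_public_key_path))`) keeps the private key out of Terraform entirely.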
vbudi000 commented 3 years ago

This is not consistent with the other Azure/GCP processing ... closing