Open Aymalla opened 1 year ago
@achamayou commented: "Having a combined proposal is definitely possible and a good idea. Just "enable_add_jwt_issuer", without passing the CA explicitly, does not work if the sole root of trust is the member, which is currently our security model. Instead they need to sign it and pass it in.
The alternative that you are maybe thinking of (CCF goes to fetch the CA) requires a pre-existing trusted CA store to perform the TLS server verification. What we could do, though, is provide a script that makes use of the OS's CA store to do that, and sends it as a signed proposal."
We will probably do this as a client-side script (which fetches the CA cert, and outputs a proposal containing multiple actions), rather than a fresh action (where the service would need to have an existing trust store).
Currently, to enable Azure Active Directory (AAD) as a JWT token issuer, we need to submit a proposal with two actions.
Suggestion: Support AAD as a JWT issuer natively, or via a simple proposal action such as "enable_aad_jwt_issuer", and have CCF handle the signing-key configuration and refresh automatically.
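The client-side approach discussed above (fetch the CA bundle locally, then emit one proposal carrying both actions) can be sketched as follows. This is an added example, not code from the CCF project or from anyone in this thread; it assumes CCF's "set_ca_cert_bundle" and "set_jwt_issuer" governance action names and argument keys, and the issuer URL and PEM block it uses are constructed placeholders.

```python
"""Build a combined CCF governance proposal that enables a JWT issuer.

Assumed action names/args: set_ca_cert_bundle(name, cert_bundle) and
set_jwt_issuer(issuer, key_filter, auto_refresh, ca_cert_bundle_name).
The bundle is supplied by the caller (e.g. from the OS trust store);
CCF itself never fetches it, so the member still signs the whole thing.
"""
import json
import re

# Matches one PEM certificate block; a bundle may contain several.
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s.+?\s-----END CERTIFICATE-----", re.S
)


def build_jwt_issuer_proposal(issuer, ca_bundle_pem, bundle_name, key_filter="all"):
    """Return the proposal dict with both actions in dependency order.

    The CA bundle must exist before the issuer that references it, so the
    bundle action is placed first. Input is checked so a malformed bundle
    or a non-TLS issuer URL fails here rather than at vote time.
    """
    if not _PEM_BLOCK.search(ca_bundle_pem):
        raise ValueError("ca_bundle_pem contains no PEM certificate block")
    if not issuer.startswith("https://"):
        raise ValueError("issuer must be an https URL")
    return {
        "actions": [
            {"name": "set_ca_cert_bundle",
             "args": {"name": bundle_name, "cert_bundle": ca_bundle_pem}},
            {"name": "set_jwt_issuer",
             "args": {"issuer": issuer, "key_filter": key_filter,
                      "auto_refresh": True, "ca_cert_bundle_name": bundle_name}},
        ]
    }


# Constructed sample input (not a real certificate or issuer).
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
)
SAMPLE_ISSUER = "https://login.example.test/v2.0"

if __name__ == "__main__":
    proposal = build_jwt_issuer_proposal(SAMPLE_ISSUER, SAMPLE_BUNDLE, "aad_ca")
    print(json.dumps(proposal, indent=2))
```

The printed JSON is what the member would then sign and submit as a single proposal.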