TLS for GRPC

[setrofim]

Implement TLS for GRPC connections between REST frontends and VTS. A number of supporting changes are also made to vts and vtsclient implementations, and to the docker deployment:

• Update to GRPC 1.64 (I could not get TLS to work correctly with the old version). This also means switching away from deprecated Dial, WithBlock, and WithTimeout APIs, and using NewClient.
• Add certificate for the VTS service.
• VTSClient.Init() now takes certPath and certKeyPath parameters pointing to the certificates used for mutual auth. Services use the same certs they use for REST APIs for GRPC connections as well.
• clean up config loading for provisioning/verification by using "zerodefault" struct field "tag" which allows using empty strings. (I forgot that existed when I originally implemented that config).
• Service config has gotten more complicated, and more changes are necessary to make it work correctly while running in Docker vs natively. To make things easier, update the config.yaml files in the services' build directories to work when running the service from the build directory natively. Add config-docker.yaml that contain config needed when running inside a docker container (e.g. when debugging -- the deployment containers continue to use the existing deployment config).

Also:

Added a script to (re-)generate all certificates necessary for a Veraison services deployment. The script makes some assumptions about what the deployment looks like (e.g. how the service nodes are named) that is based on the docker deployment, but should be generic enough to be useful for other deployments.

The services certs are signed with a cert named "rootCA.crt" in the same directory as the script (and the certs that will be generated). The script will generate a self-signed rootCA.crt if one isn't provided.

Addresses https://github.com/veraison/services/issues/191