External CA support

External CA support would be useful.

I intend to implement this myself by providing the following two options:

Boolean $external_ca = false,
Array[String] $external_cert_files = [],

If $external_ca is set, but there are no cert files provided, ipa-server-install is run with --external-ca, and the administrator must fetch the CSR and have a certificate signed. ipa-server-install is not expected to complete at this stage.

Once the administrator has a CA certificate, they can add the $external_cert_files option, with one or more certificates. ipa-server-install is run with --external-cert-file= for each certificate file.

The certificate files are expected to be strings, not filenames. They will be created in a new directory which will be created, called /etc/ipa/external_ca. The files will be called 1.pem, 2.pem, etc.