Record endorsed node certificate in KV store

[jumaffre]

Resolves #2554

[Still very much WIP, in particular with regards to compatibility with 1.x LTS] Now Ready for review!

Node endorsed certificates are now recorded in a new public:ccf.gov.nodes.endorsed_certificates table (rather than self-signed certificates in the existing nodes table).

This has the following implications:

• New joiners pass their self-signed CSRs to the current primary, which records it in the store on join.
• Member proposal to trust a node also generates and records the new joiner's endorsed certificate.
• New joiners should pick up their endorsed certificates from a new KV hook.
• 2.x nodes should still be able to verify node signatures from a 1.x ledger.

This isn't effective for BFT services (see new entry in configuration table), mostly because the ECDSA signature scheme we use isn't deterministic, and because this will be impacted by the Byzantine identity work.

Tasks:

• Change the moment TLS connections are endorsed on new joiners
• Fix channel initialisation with non-endorsed certificate issue
• Compatibility:
  • Join protocol (2.x node joining a 1.x service).
  • 1.x Ledger
  • Upgrade constitution in lts_compatibility test (Update constitution and add node to LTS compatibility test #2882)
• Unify recovery first and genesis transactions (Unify genesis and public recovery transaction execution #2876)
• Update documentation + sequence diagram
• Changelog

[achamayou]

8: ===============================================================================
8: ../src/consensus/aft/test/committable_suffix.cpp:499:
8: TEST CASE:  Multi-term divergence
8: 
8: ../src/consensus/aft/test/committable_suffix.cpp:499: FATAL ERROR: test case CRASHED: SIGSEGV - Segmentation violation signal
8: 
8: ===============================================================================
8: [doctest] test cases:   2 |   1 passed | 1 failed | 12 skipped
8: [doctest] assertions: 102 | 102 passed | 0 failed |
8: [doctest] Status: FAILURE!
8: /__w/1/s/tests/unit_test_wrapper.sh: line 5:  1911 Segmentation fault      (core dumped) LLVM_PROFILE_FILE="${1}.profraw" "./${1}" -nv
 8/65 Test  #8: raft_test .........................***Failed    0.17 sec

In the daily build job.