Contributor

@maraino maraino commented Jan 10, 2019

Description

This PR adds support for federated roots, and multiple roots for root rotation. Fixes #19

Federated roots are a list of public certificates that a client can include and trust. A new endpoint (/federation) has been added that returns the server roots as well as the federated ones.

The CA now supports one or multiple roots in the root property of the JSON. That property is able to unmarshal both strings and arrays; the latter must always be used for multiple roots. The SDK is able to update the root certificates on each renew, and this feature can be used for root rotation following this process:

  1. CA is configured with rootA.
  2. BootstrapServer/BootstrapClient are created, accepting only rootA.
  3. CA is updated and adds rootB; rootA and rootB are accepted.
  4. BootstrapServer/BootstrapClient do a renew and include rootB into the trusted pools.
  5. CA can now create new intermediates and remove rootA.
  6. BootstrapServer/BootstrapClient will be able to renew with rootB.

A known issue is that at this moment rootA won't be removed, but a new issue with a strategy to support that has been created.
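
The rotation steps in the description above, as an added Go example (not code from this PR or the project): it builds constructed rootA and rootB chains with the standard library and checks a client trust pool before and after the renew in step 4. The helpers `must`, `issue` and `trusts`, the "svc" leaf name and the use of `tls.Certificate` as a certificate-plus-key holder are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a constructed test certificate signed by parent (nil parent: self-signed root).
func issue(cn string, isCA bool, parent *tls.Certificate) *tls.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey))
	return &tls.Certificate{Leaf: must(x509.ParseCertificate(der)), PrivateKey: key}
}

// trusts reports whether cert, presented with intermediate inter, chains to a root in the client's pool.
func trusts(pool *x509.CertPool, cert, inter *tls.Certificate) bool {
	mid := x509.NewCertPool()
	mid.AddCert(inter.Leaf)
	_, err := cert.Leaf.Verify(x509.VerifyOptions{Roots: pool, Intermediates: mid})
	return err == nil
}

func main() {
	rootA, rootB := issue("rootA", true, nil), issue("rootB", true, nil)
	intA, intB := issue("intA", true, rootA), issue("intB", true, rootB)
	oldLeaf, newLeaf := issue("svc", false, intA), issue("svc", false, intB)
	pool := x509.NewCertPool()
	pool.AddCert(rootA.Leaf) // step 2: client trusts only rootA
	fmt.Println("before renew: rootA chain", trusts(pool, oldLeaf, intA), "rootB chain", trusts(pool, newLeaf, intB))
	pool.AddCert(rootB.Leaf) // step 4: renew adds rootB to the pool
	fmt.Println("after renew:  rootA chain", trusts(pool, oldLeaf, intA), "rootB chain", trusts(pool, newLeaf, intB))
}
```

A client that has not yet renewed rejects the rootB chain, which is why the CA keeps both roots until step 4 has happened. After the renew the rootA chain still verifies, matching the known issue that rootA is not removed.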

codecov-io commented Jan 10, 2019

Codecov Report

Merging #22 into master will increase coverage by 4.33%.
The diff coverage is 92.8%.

@@            Coverage Diff             @@
##           master      #22      +/-   ##
==========================================
+ Coverage   71.81%   76.15%   +4.33%     
==========================================
  Files          19       20       +1     
  Lines        1451     1652     +201     
==========================================
+ Hits         1042     1258     +216     
+ Misses        296      280      -16     
- Partials      113      114       +1

| Impacted Files | Coverage Δ | |
|---|---|---|
| ca/renew.go | 80.24% <0%> (+4.93%) | ⬆️ |
| api/api.go | 100% <100%> (ø) | ⬆️ |
| ca/tls_options.go | 100% <100%> (ø) | ⬆️ |
| ca/bootstrap.go | 75% <100%> (+1.08%) | ⬆️ |
| authority/root.go | 100% <100%> (+16.66%) | ⬆️ |
| ca/ca.go | 59.52% <100%> (+13.74%) | ⬆️ |
| authority/config.go | 75.86% <100%> (+5.71%) | ⬆️ |
| ca/tls.go | 66.9% <81.81%> (+3.66%) | ⬆️ |
| ca/client.go | 70.07% <81.81%> (+1.1%) | ⬆️ |
| authority/types.go | 82.22% <82.22%> (ø) | |
| ... and 5 more | | |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1097863...e8ac3f4. Read the comment docs.

@maraino maraino requested a review from dopey January 14, 2019 20:07
Contributor

@dopey dopey left a comment

Left some comments.

Contributor

@dopey dopey left a comment

lgtm

@maraino maraino merged commit d0e0217 into master Jan 15, 2019
@maraino maraino deleted the mariano/multiroot branch January 15, 2019 02:15