Feature custom csr attributes #69
… and node manager.
@bwilcox let's talk about the use case(s) for wanting to do this. As a UX design choice as well as for keeping a tightly prescriptive implementation that will keep upgrades manageable in the event of significant future changes, I generally want to keep the number of configurable parameters very minimal. As such, I'd like to explore what other options we may have for addressing whatever problem this PR solves. So for discussion: what problem does this solve? 🙂
The first issue is that the existing code completely overwrites any custom csr_attributes.yaml file on infrastructure nodes. So for an enterprise which has a set of established OIDs they want in their certificates, there is no way to get those things into the trusted extensions at install time. The second issue is that pp_application and pp_cluster are being set with no ability to override. Customers using peadm as a migration tool can already have values for these OIDs. The first issue I think we absolutely need to address. The second is maybe less so, depending on the customer you're talking to. The node groups set up based on pp_cluster for compilers could be adapted post-install. pp_application on the other hand is commonly used for roles and if a customer already has well-established roles for Puppet infrastructure we are introducing a little more headache.
I think another approach to the conflict with pp_application and pp_cluster is to use custom OIDs. See #76 for an implementation of that.
This pull request adds the ability to customize pp_application and pp_cluster values. It also adds code which will cause the agent installer to not overwrite a csr_attributes.yaml file if one already exists.
This is a working example, but I expect there may be other ways that make sense.