Adds support to manage GCP PrivateCA Certificates

[modular-magician]

PR adds support to issue certificates from Private CA

google-beta already has terraform support to create CAs...this adds the ability to add certificates under those CAs.

Note:

• provider will issue certificates only for CAs that are tier: ENTERPRISE (since other tiers do not keep state of certs)

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).

• Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.

• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).

• Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).

• Read the Release Notes Guide before writing my release note below.

`google_privateca_certificate`

---

for ref, here is an end-to-end usage (this generates a CA and then two certs (one with a provided public key and another with a CSR):

provider google-beta {}
provider tls{}

resource "random_string" "randomca" {
  length = 8
  special = false
}

resource "random_string" "random1" {
  length = 8
  special = false
}

resource "random_string" "random2" {
  length = 8
  special = false
}

resource "tls_private_key" "example" {
  algorithm   = "RSA"
}

resource "tls_cert_request" "example" {
  key_algorithm   = "RSA"
  private_key_pem = tls_private_key.example.private_key_pem

  subject {
    common_name  = "example.com"
    organization = "ACME Examples, Inc"
  }
}


resource "google_privateca_certificate_authority" "ca111" {
  provider = google-beta
  certificate_authority_id = random_string.randomca.result
  location = "us-central1"
  lifetime = "30000s"
  project = "mineral-minutia-820"
  type = "SELF_SIGNED"
  key_spec {
    # cloud_kms_key_version = "projects/mineral-minutia-820/locations/us-central1/keyRings/mycacerts/cryptoKeys/server/cryptoKeyVersions/4"
    algorithm = "RSA_PSS_2048_SHA256"
  }
  tier = "ENTERPRISE"
  config  {
    subject_config  {
      common_name = "san1.example.com"
      subject {
        country_code = "us"
        organization = "google"
        organizational_unit = "enterprise"
        locality = "mountain view"
        province = "california"
        street_address = "1600 amphitheatre parkway"
        postal_code = "94109"
      } 
    } 
    reusable_config {
      reusable_config= "projects/568668481468/locations/us-central1/reusableConfigs/root-unconstrained"
    } 
  } 
  disable_on_delete = true
}


resource "google_privateca_certificate" "config" {
  provider = google-beta
  certificate_authority = google_privateca_certificate_authority.ca111.certificate_authority_id
  #certificate_authority = "prod-root"
  project = "mineral-minutia-820"
  location = "us-central1"
  lifetime = "860s"
  name = random_string.random1.result
  config {
      reusable_config {
        reusable_config= "projects/568668481468/locations/us-central1/reusableConfigs/leaf-server-tls"
      } 
      subject_config  {
        common_name = "san1.example.com"
        subject {
          country_code = "us"
          organization = "google"
          organizational_unit = "enterprise"
          locality = "mountain view"
          province = "california"
          street_address = "1600 amphitheatre parkway"
          postal_code = "94109"
        } 
        subject_alt_name {
          dns_names = ["hashicorp.com"]
          email_addresses = ["email@example.com"]
          ip_addresses = ["127.0.0.1"]
          uris = ["http://www.ietf.org/rfc/rfc3986.txt"]
        }
      }
    public_key {
      type = "PEM_RSA_KEY"
      key = base64encode(tls_private_key.example.public_key_pem)
    }    
  }
}


resource "google_privateca_certificate" "pem" {
  provider = google-beta
  certificate_authority = google_privateca_certificate_authority.ca111.certificate_authority_id
  #certificate_authority = "prod-root"
  project = "mineral-minutia-820"
  location = "us-central1"
  lifetime = "860s"
  name = random_string.random2.result
  pem_csr = tls_cert_request.example.cert_request_pem
}


# output "ca_specs" {
#   value = "${google_private_ca_certificate_authority.ca111.id}"
# }

output "ff" {
  value = tls_private_key.example.public_key_pem
}


output "cert_specs_config" {
  value = google_privateca_certificate.config.pem_certificate
}

output "cert_specs_pem" {
  value = google_privateca_certificate.pem.pem_certificate
}

Derived from GoogleCloudPlatform/magic-modules#4449