support self-signed certificates

[vielmetti]

As noted in #51, If you run cfssl apiserver tls-enabled, it is currently not possible to use self-signed certificate, because certmgr will reject it.

The request is to support self-signed certificates, in order to support the use case described in NixOS/nixpkgs#45670 where certmgr is intended to support Kubernetes on NixOS.

Opening this as an issue to put the question of whether certmgr should support self-signed certs, and to expose that as a desirable goal for the above use case.

[ferringb]

This should be resolved via the merged PR; pardon the lag in reviewing it. You should expect an RC release in the next week to two that will contain that fix.