feat: adds cert loading and key-match validation.

[ianhundere]

closes #2070

summary

adds support for reusing existing root/intermediate certs when issuing new leaf certs with the certmaker tool.
includes cli flags (--existing-root-cert, --existing-intermediate-cert), validation, and updated docs.
all kms providers supported (aws, gcp, azure, vault).

release note

• certmaker: support issuing new leaf certs from existing root/intermediate certs.
  • adds --existing-root-cert and --existing-intermediate-cert flags.

documentation

docs updated under docs/certificate-maker.md with new examples, decision tree, and troubleshooting notes.

[codecov]

Codecov Report

❌ Patch coverage is 57.86802% with 83 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.16%. Comparing base (cf238ac) to head (de2a8aa).
⚠️ Report is 474 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/certmaker/certmaker.go	45.08%	52 Missing and 15 partials ⚠️
cmd/certificate_maker/certificate_maker.go	62.50%	10 Missing and 2 partials ⚠️
pkg/certmaker/cert_loader.go	90.69%	3 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #2173       +/-   ##
===========================================
- Coverage   57.93%   44.16%   -13.78%     
===========================================
  Files          50       72       +22     
  Lines        3119     5788     +2669     
===========================================
+ Hits         1807     2556      +749     
- Misses       1154     2998     +1844     
- Partials      158      234       +76     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Hayden-IO]

Thanks!

[ianhundere]

@haydentherapper cheers / thanks for the quick fb, ready for another 👀. thanks again / 🙇

[Hayden-IO]

Thanks!