[ca] Propagate issuer info from TLS certificates to SecurityConfig

[cyli]

The issuer info will allow us to determine if a TLS certificate needs rotation (because it is signed by the wrong issuer during a root rotation - if it is signed by a cert with the same subject + public key as our desired signing cert, it doesn't need to rotate its certificates).

This information will be generated from:

1. RootCA.IssueAndSaveNewCertificates
2. RootCA.RequestAndSaveNewCertificates
3. Loading TLS certs from disk.

As part of this change, I've also updated SecurityConfig to accept this info plus the TLS certificate in order to update credentials, as opposed to accepting a new ClientTLSCreds object and ServerTLSCreds object.

This means that creation of the mutable TLS credentials can be centralized to just within SecurityConfig, and that the issuer information is accessible from a SecurityConfig and can be updated on every TLS certificate update.

These are cherry-picked from #2077.

[codecov]

Codecov Report

Merging #2079 into master will decrease coverage by 2.97%.
The diff coverage is 82.79%.

@@            Coverage Diff            @@
##           master   #2079      +/-   ##
=========================================
- Coverage   57.67%   54.7%   -2.98%     
=========================================
  Files          58     114      +56     
  Lines        9611   19702   +10091     
=========================================
+ Hits         5543   10777    +5234     
- Misses       3474    7644    +4170     
- Partials      594    1281     +687

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 63b52fe...5ce4faf. Read the comment docs.

[cyli]

^ Not sure what's with codecov, but https://codecov.io/github/docker/swarmkit shows master at around 54.2%, not 57.67%.

[aaronlehmann]

LGTM