feat: Implement key derivation for RFC 16

[miampf]

Context

RFC 16 requires key derivation for the client and all nodes. This PR aims to implement that. For the main PR of this RFC, see #3557 (WIP).

Proposed change(s)

• Add grpc functionality to request a CA key from the join service
  • This CA key is derived in the key service
  • The join client in the bootstrapper than gets the derived key in the IssueJoinTicketResponse

Additional info

• The RFC specifies that the CA key should be derived directly from the master secret. This is not the case here. Instead, the key service requests a key from a KMS which in turn is used to derive the CA key. If the cKMS is used, the key sent by the KMS is derived using the master secret.

Checklist

• Run the E2E tests that are relevant to this PR's changes
• Update docs
  • Documentation updates regarding the use of this feature will be done in feat: implement RFC 16 to allow emergency node access #3557
• Add labels (e.g., for changelog category)
• Is PR title adequate for changelog?
• Link to Milestone

[miampf]

Used the feature label instead of no changelog since this PR adds the constellation ssh subcommand for key derivation.

[netlify]

✅ Deploy Preview for constellation-docs canceled.

Name	Link
🔨 Latest commit	0cf04f0
🔍 Latest deploy log	https://app.netlify.com/sites/constellation-docs/deploys/677ff8477086b10008bb4d49

[github-actions]

Coverage report

Package	Old	New	Trend
bootstrapper/internal/initserver	71.70%	67.90%	↘️
bootstrapper/internal/joinclient	87.00%	86.80%	↘️
cli/cmd	0.00%	0.00%	🚧
cli/internal/cmd	57.90%	56.80%	↘️
internal/constants	0.00%	0.00%	🚧
internal/crypto	69.60%	73.30%	↗️
joinservice/internal/server	78.20%	77.10%	↘️
joinservice/joinproto	0.00%	0.00%	🚧