Add explicit trust establishment

[roosterfish]

This PR adds the explicit trust establishment to MicroCloud according to the spec in https://discourse.ubuntu.com/t/explicit-trust-establishment-mechanism-for-microcloud/44261.

The PR adds the EFF wordlist with over 1300 lines so please consider this for the review.
The license information is based on https://www.eff.org/copyright.

It has the following dependencies which have to be met before it can be marked as ready:

• LXD: Shared: Add HMAC and cert utils lxd#13969
• MicroCluster: v2: Backport websocket client functions microcluster#239

In addition we are currently waiting on MicroCeph to merge the v2 of MicroCluster which is also are requirement for this PR.

Open TODO's:

• Align test suite to work with updated questions
• Release minor version of MicroCluster to allow pulling the new websocket client functions in (we will track the commit for now)
• Update this PR's go.mod file if the dependencies are met
• Check for additional unit testing capabilities for the changes in this PR
• Remove the TODO (regarding https://github.com/canonical/microcluster/blob/a4c5273899ac294750d63089f81f78fd1894df67/internal/rest/resources/api_1.0.go#L21-L25) after importing MicroCluster v2
• Update the docs (e.g. preseed)

[roosterfish]

Added some changes as microcloud service add was broken due to the wrong certificate being used.
Functions like RemoteClusterMembers are used both during pre-init and after bootstrap/join but the latter has to use the cluster certificate.

I also made a mistake whilst rebasing #358. As the remote token creation/deletion always happens after the MicroCloud's microcluster is formed, we neither need a secret nor a custom certificate as we can already use full mTLS.

[masnax]

This is awesome, and intuitive to follow, nice job @roosterfish! :)

I mostly have nits to report, primarily structuring of the messages that are printed to the user.

Couple things that stand out:

• During a snap mismatch, the error seems incorrect now because the multicast lookup behaviour is different: Error: Failed to read join confirmation: Failed to send join intent: Skipping peer "micro01" due to missing services (MicroOVN)

• During preseed, it seems we require listen_address to be set, but that defeats the purpose of multicast lookup

• the --add flag for preseed seems redundant can be improved

• The biggest one (but also not a blocker) is the behaviour if a joiner's session ends. On the initiator there's no feedback, so as you are flipping through your joiners and typing the password, if one of them dies in the background, by the time you get back to the initiator and confirm the systems in the table, you have no way of knowing that a problem occurred, and the initiation fails. It would be nice if we could have a column for "session status" in the table so that we know when a joiner has closed its session, and can work around it. I don't believe our current table package allows for easy updates though, so we can deal with this later.

[masnax]

Just a handful of more nits, and some validation suggestions :)

[masnax]

Should be "Searching for an eligible system ..." right?

Also maybe s/system/initiator/?

[roosterfish]

@masnax preseed test succeeded after resolving the conflict, so I would carefully say it's ready for review again :)

The test run before showed green for all jobs.

[roosterfish]

Did another small push as I saw a slice was initialized with the wrong capacity which caused this output during preseed:

root@micro03:~# microcloud preseed < p
Successfully joined the MicroCloud cluster and closing the session.
Commencing cluster join of the remaining services (, , , , LXD, MicroCeph, MicroOVN)

[masnax]

Other than that 1 nit, this looks great! Thanks for the hard work @roosterfish!

[masnax]

I take it we removed the missing services question from microcloud join, so this description is misleading now.

[roosterfish]

Ah good catch, fixed with #416.