From this patch on, incoming RPC calls are checked against
the map of valid master candidate certificates. If no map
is present, the cluster is assumed to be in
bootstrap/upgrade mode and compares the incoming call
against the server certificate. This is necessary, because
neither at cluster initialization nor at upgrades from
pre-2.11 versions a candidate map is established yet.

After an upgrade, the cluster RPC communication continues
to use the server certificate until the client certificates
are created and the candidate map is populated using
'gnt-cluster renew-crypto --new-node-certificates'.

Note that for updating the master's certificate, a trick
was necessary. The new certificate is first created under
a temporary name, then it's digest is updated and
distributed using the old certificate, because otherwise
distribution will fail since the nodes don't know the
new digest yet. Then the certificate is moved to its
proper location.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Hrvoje Ribicic <riba@google.com>