[FEATURE] Enable hot reload of gRPC certificates #5531

@finnegancarroll

Is your feature request related to a problem?
Today gRPC private key and certificate material is provided as an SSLContext. Transports which consume this context and do not create a new instance for each new connection require a way to identify a "stale" configuration such that they request a new fresh instance. Some "version" tag or wrapper then needs to be provided to trigger a hot reload.

What solution would you like?
I imagine two possible solutions:

  • A wrapper class which implements the SSLContext interface and automates the process of reloading certificates for consuming transports.
  • A version tag which gets updated by the security plugin when certificates are reloaded and may be checked by core to identify when new certificates are available.

What alternatives have you considered?
Leave implementation as is on security plugin and leave the responsibility to consuming transports to constantly "refresh" their secure settings providers.
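
The version-tag option from the issue, as an added Java example (not code from OpenSearch core or the security plugin): the provider publishes each reloaded SSLContext together with an incremented version, and a transport that caches the context compares tags before each new connection. All class and method names are hypothetical, and the loader builds a default context instead of reading key and certificate files.

```java
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;

// Added illustration: every class and method name here is hypothetical.
public class VersionTagDemo {
    // Immutable pair, so a reader never sees a new version paired with an old context.
    record Snapshot(long version, SSLContext context) {}
    // Provider side: the role the security plugin would play.
    static final class VersionedProvider {
        private final Supplier<SSLContext> loader;
        private final AtomicReference<Snapshot> current;
        VersionedProvider(Supplier<SSLContext> loader) {
            this.loader = loader;
            this.current = new AtomicReference<>(new Snapshot(1, loader.get()));
        }
        // Build the new context first; if loading throws, the old snapshot stays live.
        void reload() {
            SSLContext fresh = loader.get();
            current.updateAndGet(s -> new Snapshot(s.version() + 1, fresh));
        }
        Snapshot snapshot() { return current.get(); }
    }
    // Consumer side: a transport that reuses one context across connections.
    static final class CachingTransport {
        private final VersionedProvider provider;
        private volatile Snapshot cached;
        CachingTransport(VersionedProvider p) { provider = p; cached = p.snapshot(); }
        // Compare tags on each new connection; swap only when the tag has moved.
        SSLContext contextForNewConnection() {
            Snapshot latest = provider.snapshot();
            if (latest.version() != cached.version()) cached = latest;
            return cached.context();
        }
    }
    public static void main(String[] args) {
        // Stand-in loader: a real one would read the rotated key and certificate files.
        Supplier<SSLContext> loader = () -> {
            try { SSLContext c = SSLContext.getInstance("TLS"); c.init(null, null, null); return c; }
            catch (Exception e) { throw new IllegalStateException(e); }
        };
        VersionedProvider provider = new VersionedProvider(loader);
        CachingTransport transport = new CachingTransport(provider);
        SSLContext before = transport.contextForNewConnection();
        provider.reload();
        SSLContext after = transport.contextForNewConnection();
        System.out.println("context replaced after reload: " + (before != after));
    }
}
```

Connections established before the reload keep the certificate they negotiated with until they close; only connections opened after the tag check use the refreshed context.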

Labels: enhancement, triaged