This repository has been archived by the owner on Oct 28, 2024. It is now read-only.

self-signed certificates should be installed to traefik/spin #711

Open
bacongobbler opened this issue May 2, 2022 · 0 comments
Labels
API (Issues or pull requests that affect the API), enhancement (New feature or request)

Comments

@bacongobbler
Contributor

Right now we bind the certificate to Kestrel's config but do nothing with Nomad/Traefik. We only resolve Let's Encrypt support.

```csharp
// Add cert to kestrel config; kestrel will automatically reload
// https://docs.microsoft.com/en-us/dotnet/core/compatibility/aspnet-core/5.0/kestrel-configuration-changes-at-run-time-detected-by-default
//
// NOTE: It is safe to assume that a domain has been added thanks to CreateChannelCommandValidator.
//
// TODO: Do we need to handle cases when the domain name changes? Perhaps we should handle that with a new event.
// That being said, it is likely the certificate will need to be replaced... So this may not be an issue.
var sniOptions = new SniOptions(
    new SniOptions.CertificateOptions(
        channel.Certificate.PublicKey!,
        channel.Certificate.PrivateKey!,
        Path.Combine(System.IO.Directory.GetCurrentDirectory(), channel.Domain)));
_configuration.GetSection($"{SniOptions.Position}:{channel.Domain}").Bind(sniOptions);
```

```csharp
""traefik.http.routers." + Id + @".rule=Host(`${var.host}`)"",
" + entrypoint + @"
""traefik.http.routers." + Id + @".tls=true"",
" + certresolver + @"
""traefik.http.routers." + Id + @".tls.domains[0].main=${var.host}""
```

fermyon/spin#114 introduced TLS key/cert support for the Spin runtime, so we should be able to install a TLS certificate into the Nomad job so that Spin is serving the certificate.

bacongobbler added the enhancement and API labels on May 2, 2022