Add CoreConfig & Root/Intermediate Secrets

[ingalls]

Context

Intent here (and I'm not stuck on this approach cc/ @chriselsen) is to provide a more durable location to store irreplaceable files (Root CA/Intermediate) in the same way the TAK Admin Cert is currently implemented thanks to @chriselsen

Secondarily this can also serve as a way to inject externally modified or provided config/certs into the core EFS/ECS tasks

[chriselsen]

You could do the following:

• Before line 26 download the CA + server cert from secrets manager to a temp location.
• Compare for each of the downloaded files if they match to what is in the EFS filesystem
  • If a file matches or nothing was downloaded, nothing needs to be done.
  • If a file doesn't match, overwrite the EFS file with the downloaded file.
• After line 39 upload the cert files into secrets manager. (Same way as lines 37 - 39).

[chriselsen]

@ingalls FYI: I locked the write permissions to Secrets Manager down to a single key "/tak-admin-cert" from within the container.
You'll need to amend this list for the other keys.

[ingalls]

May 01, 2025 at 16:03 (UTC-6:00)
	
ca.pem file already exists! Please delete it before trying again
	
api
May 01, 2025 at 16:03 (UTC-6:00)
	
ok - Root CA - Generating New Certificate
	
api
May 01, 2025 at 16:03 (UTC-6:00)
	
ok - Root CA - Checking for AWS Secrets Manager Secret
	
api
May 01, 2025 at 16:03 (UTC-6:00)
	
ok - Certbot - Restoring cronjob
	
api
May 01, 2025 at 16:03 (UTC-6:00)
	
ok - NodeJS - Version: v22.15.0
	
api
May 01, 2025 at 16:03 (UTC-6:00)
	
ok - TAK Server - New ECS Task starting...```

[ingalls]

@chriselsen I removed CoreConfig from the secrets manager as the following 2 things will bite us:

Federation & COT Injectors can be modified via API but the backend store is the CoreConfig and not the database. As such if there is heavy use of either we will blow past our 100 version limit in the AWS SecretStore service.

This PR is getting long in the tooth so for now I've dropped CoreConfig and will re-evaluate where it should live. The S3 bucket for ECS config is an option? Or Maybe AWS System Manager Parameter Store?