Support for signed minion keys #67547
Replies: 5 comments
-
Will approve as a feature request, thanks.
-
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
-
Valid feature request and not see stale
-
Thank you for updating this issue. It is no longer marked as stale.
-
This is a nice feature request, please don't stale
-
Description of Issue/Question
When running a multi-master setup, you need to manually accept all minion public keys on all masters. This is not scalable, especially if your masters are somewhat ephemeral (like running masters in a Kubernetes cluster). In the same way minions can trust multiple masters with a signature system, add the ability for masters to accept minions if they present a signature that is from a recognized key. This will mean masters do not need to keep every single minion's key, and just need to accept minions that present a valid signature. An external KMS can then be used to pre-populate minion keys (like HashiCorp Vault), since the minion keys can be signed by the central key authority.
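The acceptance check requested above, sketched as an added example (not Salt code and not from the issue author). It assumes the `cryptography` package, RSA-PSS signatures, and hypothetical function names and message layout; the minion ID is signed together with the key so a signature cannot be reused to register the key under a different ID.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def pub_pem(private_key):
    """PEM-encode the public half of a key pair."""
    return private_key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)

def signed_message(minion_id, minion_pub):
    # Length-prefix the ID and bind it to the key, so a signature issued for
    # one minion ID cannot be replayed to register that key under another ID.
    mid = minion_id.encode()
    return len(mid).to_bytes(2, "big") + mid + minion_pub

def sign_minion_key(authority_key, minion_id, minion_pub):
    """Key authority side (hypothetical): sign the minion ID plus its public key."""
    return authority_key.sign(signed_message(minion_id, minion_pub), PSS, hashes.SHA256())

def master_accepts(trusted_authority_pems, minion_id, minion_pub, signature):
    """Master side (hypothetical): accept only an ID/key pair signed by a trusted key."""
    message = signed_message(minion_id, minion_pub)
    for pem in trusted_authority_pems:
        try:
            serialization.load_pem_public_key(pem).verify(
                signature, message, PSS, hashes.SHA256())
            return True
        except InvalidSignature:
            continue  # not signed by this authority; try the next trusted key
    return False

def demo():
    """Run the checks on constructed sample data (throwaway keys made at run time)."""
    new_key = lambda: rsa.generate_private_key(public_exponent=65537, key_size=2048)
    authority, rogue, minion = new_key(), new_key(), new_key()
    trusted = [pub_pem(authority)]  # the only thing the master has to store
    sig = sign_minion_key(authority, "web01", pub_pem(minion))
    rogue_sig = sign_minion_key(rogue, "web01", pub_pem(minion))
    return {
        "valid": master_accepts(trusted, "web01", pub_pem(minion), sig),
        "other_id": master_accepts(trusted, "db01", pub_pem(minion), sig),
        "other_key": master_accepts(trusted, "web01", pub_pem(rogue), sig),
        "rogue_signer": master_accepts(trusted, "web01", pub_pem(minion), rogue_sig),
    }

if __name__ == "__main__":
    print(demo())
```

A scheme like this has no per-minion revocation on its own: a master that stores only the authority key would also need an expiry inside the signed message or a deny list to reject a compromised minion key.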