Basic implementation for private key rollover (#294)

* initial commit for PRIVATE_KEY_ROLLOVER

* fix if syntax

* rolloverkey without timestamps

* update example config: PRIVATE_KEY_ROLLOVER

* rolloverkey creation logic updated

* updated tests. untested.

* added cleanup for rolloverkeys: if disabled, delete privkey.roll.pem
crza
2016-10-17 22:40:03 +02:00
committed by Lukas Schauer
parent d62a5eeb1e
commit a13e410363
3 changed files with 45 additions and 1 deletions

@@ -72,6 +72,9 @@
# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
#PRIVATE_KEY_RENEW="yes"
# Create an extra private key for rollover (default: no)
#PRIVATE_KEY_ROLLOVER="no"
# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=rsa
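
Review bot: The comment above PRIVATE_KEY_ROLLOVER in the example config says only that an extra private key is created, which leaves out the behaviour an operator needs to know before toggling it. The commit message states that disabling the option deletes privkey.roll.pem, but nothing here mentions the file name or that deletion, and the relation to PRIVATE_KEY_RENEW two lines above is not described either. Suggest extending the comment to name the file, state whether the option has any effect when PRIVATE_KEY_RENEW is "no", and warn that setting it back to "no" removes the rollover key, since anyone relying on that key elsewhere would lose it silently. The commit message also notes the tests were updated but "untested", so they should be run before this is merged.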