Role based access controls to CA

This is related to support RT#15938 and GL #1120 (closed).

Along with providing a mechanism for authentication on the CA interface (from Kea, not requiring the reverse proxy - #1120 (closed)), we have a request for role-based access controls.

Requirements: https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/rbac-tls-requirements Design: https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/rbac-tls-design