initial scaffolding for consul-server-connection-manager integration

[mikemorris]

Changes proposed in this PR:

Integrate the consul-server-connnection-manager library to replace the reliance on a Consul client when interacting with the Consul API.

Removes a workaround introduced in #73 for a bug in Consul 1.11 due to a dependency on the Consul agent for the ConnectCALeaf API call - this appears to have been fixed in hashicorp/consul#12820 and was included in the Consul v1.11.6 patch and newer releases.

How I've tested this PR:

TODO

How I expect reviewers to test this PR:

TBD

Checklist:

• Tests added
• CHANGELOG entry added

  Run make changelog-entry for guidance in authoring a changelog entry, and
  commit the resulting file, which should have a name matching your PR number.
  Entries should use imperative present tense (e.g. Add support for...)

[mikemorris]

Tests seem to mostly be hanging currently, with errors like below when cancelling:

failed to resolve DNS name: : lookup : no such host

failed to resolve DNS name: notadomain: lookup notadomain: no such host

If the actual integration is halfway-correct, I'm guessing some mocks might need to be updated.

[mikemorris]

There didn't seem to be any reason to initialize an API client here when it always gets re-initialized in RunExec anyway.

[mikemorris]

TODO: login/logout functionality appears to be supported directly within the consul-server-connection-manager library, refs hashicorp/consul-server-connection-manager#9

[mikemorris]

To reimplement this without relying on the Consul agent, we'd basically need to rewrite all of the logic from https://github.com/hashicorp/consul/blob/main/agent/cache-types/connect_ca_leaf.go#L514-L685 to generate a new leaf certificate (which currently depends on internal methods of Consul's connect package) and as well as tie it into the CA root watch handler to regenerate certificates on rotation, as the gRPC API only exposes the lower-level Sign method.

[mikemorris]

Superseded by #449 and #443