Add support for accepting pre-generated CSRs in tls-certificate library

[giusebar]

Currently the tls-certificates library accepts a list of CertificateRequestAttributes, and optionally a private key.
If no private key is provided the library will generate one and create a CSR to be signed by the root CA.

It would be nice to add support for accepting pre-generated CSRs (CertificateSigningRequest objects) without requiring the library to manage private keys or CSR generation.

In an IoT use cases for instance, a device generates its own private key and provides only the CSR. In this scenario, the charm should not have access to the device's private key.

[saltiyazan]

Thanks for creating the issue @giusebar
We will look into it.