If directory is defined instead of certificate files, haproxy will
attempt to treat all files within as a pem bundled certs. And will fail
its configuration test. To avoid this we can put generated by pki
certificates into a temporary directory and them put only valid bundle
file into haproxy_ssl_cert_path.
Such approach allows us to put additional certificates to the directory
outside of the haproxy_server role and keep the directory clean. This
also eliminates the need to list all additional custom certificates and
calculated by role ones.
Additionally added a cleanup/move of the certs if haproxy_ssl_temp_path
set to be different from haproxy_ssl_cert_path which allows a transition
from old setup.
Change-Id: I3662195cb2248d8841e1525d5e6d86f84ca876d3
5413c41121