@detro detro commented Apr 7, 2022

As part of milestone 3.2.0, more stringent validation was introduced in many argument fields. One of these is the argument allowed_uses, used by the resources:

  • tls_locally_signed_cert
  • tls_self_signed_cert

Given the nature of the argument, values provided that were not known to the Provider code were silently ignored: the practitioner would get a certificate without one or more of the Key Usages they expected, but the provider would not report it.

From RFC 5280, section 4.2.1.3:

KeyUsage ::= BIT STRING {
           digitalSignature        (0),
           nonRepudiation          (1), -- recent editions of X.509 have
                                -- renamed this bit to contentCommitment
           keyEncipherment         (2),
           dataEncipherment        (3),
           keyAgreement            (4),
           keyCertSign             (5),
           cRLSign                 (6),
           encipherOnly            (7),
           decipherOnly            (8) }

Hence, the introduction of the validation.

Unfortunately, this means that existing Terraform configurations started failing with the update to 3.2.0.

So, in the interest of not introducing regressions, this PR alters the validation logic slightly: if a practitioner uses a non-acceptable value for allowed_uses, instead of erroring, the provider will raise a warning and ignore the specific erroneous argument.

…d `tls_self_signed_cert`

If a practitioner uses a non-acceptable value, instead of erroring we will raise a warning and exclude the specific `allowed_use` from the certificate configuration.
@detro detro requested a review from a team as a code owner April 7, 2022 17:08
@github-actions github-actions bot added the size/S label Apr 7, 2022
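
The relaxed validation described in the pull request above, as an added Go example (not the provider's own code): an unknown `allowed_uses` value produces a warning and is skipped, so the resulting KeyUsage bits can lack a bit the configuration intended. The string names in the map and the function names are assumptions for this illustration, and only the RFC 5280 KeyUsage bits are covered.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// keyUsageNames maps configuration strings (assumed names) to RFC 5280 KeyUsage bits.
var keyUsageNames = map[string]x509.KeyUsage{
	"digital_signature":  x509.KeyUsageDigitalSignature,
	"content_commitment": x509.KeyUsageContentCommitment,
	"key_encipherment":   x509.KeyUsageKeyEncipherment,
	"data_encipherment":  x509.KeyUsageDataEncipherment,
	"key_agreement":      x509.KeyUsageKeyAgreement,
	"cert_signing":       x509.KeyUsageCertSign,
	"crl_signing":        x509.KeyUsageCRLSign,
	"encipher_only":      x509.KeyUsageEncipherOnly,
	"decipher_only":      x509.KeyUsageDecipherOnly,
}

// ResolveKeyUsages is the relaxed behaviour: every unknown value yields a
// warning and is left out of the returned bit set instead of failing the run.
func ResolveKeyUsages(allowedUses []string) (x509.KeyUsage, []string) {
	var usage x509.KeyUsage
	var warnings []string
	for _, name := range allowedUses {
		bit, ok := keyUsageNames[name]
		if !ok {
			warnings = append(warnings, fmt.Sprintf("allowed_uses: unknown value %q ignored", name))
			continue
		}
		usage |= bit
	}
	return usage, warnings
}

// ResolveKeyUsagesStrict is the hard-validation variant: any unknown value is an error.
func ResolveKeyUsagesStrict(allowedUses []string) (x509.KeyUsage, error) {
	usage, warnings := ResolveKeyUsages(allowedUses)
	if len(warnings) > 0 {
		return 0, fmt.Errorf("%s", warnings[0])
	}
	return usage, nil
}

func main() {
	// Constructed input: "cert_signin" is a typo for "cert_signing".
	usage, warnings := ResolveKeyUsages([]string{"digital_signature", "cert_signin", "crl_signing"})
	fmt.Printf("bits=%09b warnings=%q\n", usage, warnings)
}
```

With the constructed input, the certificate template would carry digitalSignature and cRLSign but not keyCertSign, and the warning is the only signal of the gap.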

@bflad bflad left a comment

This is a great quick fix, nice! 🚀 Should we consider hard validation again for 4.0? 😄

bflad commented Apr 7, 2022

Andddd you're already on it, rock on. #185

@detro detro merged commit 5c8069d into main Apr 7, 2022
@detro detro deleted the detro/relax-allowed_uses-validation branch April 7, 2022 17:29
@github-actions
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 27, 2024