* gRPC API server requires a CA certificate to verify
and authenticate clients (passed via -ca-file)
* gRPC clients must authenticate with a client certificate
and key (passed via -cert-file and -key-file)
* A CA certificate (e.g. ca.crt) should be used to sign a server
certificate (server.crt for a private key server.key)
* gRPC API server requires a server certificate and key to be enabled
(passed via -cert-file and -key-file)
* gRPC client bootcmd tool must verify the server identity using a
known CA (passed to bootcmd via -ca-file)
* This provides transport security, it does not provide client
authentication
* bootcfg/version package provides the linker's GIT SHA based
version to bootcfg components
* Display the bootcfg version via the HTTP server / path for
convenience and for validating a deployed version easily
* Log requests to the / rooted subtree paths to surface machines
which are making requests containing typos and mistakes that do
not match HTTP API endpoints
* Change assets download location to examples/assets
* FileStore should default to /var/lib/bootcfg/{profiles,groups,
ignition,cloud}
* Assets location should default to /var/lib/bootcfg/assets
* Fix -rpcAddress flag to be -rpc-address
* Allow bootcfg groups metadata to be defined via YAML
* Convert YAML metadata to JSON bytes field in a protobuf message
* Strip metadata except strings, string slices, and string-keyed maps
with nesting
