sia option to require successful role certs during startup

[havetisyan]

Description

During sia startup, the agent only verifies that service identity certificates are successfully fetched and if yes, it notifies systemd that it's up and running. While it reports any failures with role certificates, it doesn't stop the process from running.

However, there might be cases, where having the role certificate is as important as the service certificate so any failure must stop the agent from running. For these edge cases, there is a new option for sia_config that can be specified:

"role_certs_required": true

if specified, the agent will try to fetch the role certificates during startup, it will retry every 20 secs for up to 3 minutes, and if it still fails, it will return failure to systemd. The retry logic is required for the use case where the role is authorized in ZMS and it would take a couple of minutes for the change to propagate to ZTS servers to authorize the issuance of the role certificate.

Contribution Checklist:

• The pull request does not introduce any breaking changes
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

Attach Screenshots (Optional)