Support Shared Certificates

Registered by Amit Gandhi

Customers want to be able to serve content from the edge over HTTPS (https://) using a secure certificate.

Poppy will offer 3 options to be able to do this:

1. Shared Domain - this is when the user is given an operator-owned domain that they must use, e.g. https://example.cdn1.secure.poppycdn.net. The user will not be able to set a domain containing a dot. Validation will need to be updated to enforce this when shared cert is chosen. The access URL will be the same as the above domain. The user should not CNAME to this access URL.

2. SAN Certificate - this is when the user uses https on their own domain, but the cert itself is shared with many other domains. The user will be able to CNAME their own domain to an operator access_url. e.g. https://www.example.com CNAME to www.example.com.scdn1.secure.poppycdn.net

3. Custom Certificate - this is when the user gets a dedicated certificate for the domain they entered.
With Akamai, Akamai will provision the certificate; see the Akamai Secure Cert Provisioning API [1].
Other providers allow the user to upload the certificate. In this case, we should utilize Barbican to generate a cert and upload it to the provider via their API.

The API is defined in apiary to allow the user to specify the type of cert to use. The operator should be able to define which certificate types are offered via the poppy.conf file.
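
The validation and access-URL rules for options 1 and 2, together with the operator's choice of offered certificate types, can be sketched as follows. This is an added example, not Poppy's own code: the function name, the constants standing in for poppy.conf settings, and the type names "shared", "san" and "custom" are assumptions; the two suffixes are taken from the examples above.

```python
import re

# Assumed stand-ins for poppy.conf settings (hypothetical names). The two
# suffixes are the ones used in the page's examples.
SHARED_SUFFIX = "cdn1.secure.poppycdn.net"
SAN_SUFFIX = "scdn1.secure.poppycdn.net"
OFFERED_CERT_TYPES = {"shared", "san"}   # this operator does not offer "custom"

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def resolve_domain(domain, cert_type, offered=OFFERED_CERT_TYPES):
    """Validate a requested domain for a certificate type.

    Returns (served_domain, access_url, user_must_cname).
    Raises ValueError if the type is not offered or the domain is invalid.
    """
    if cert_type not in offered:
        raise ValueError("certificate type %r is not offered" % (cert_type,))
    name = domain.strip().lower()

    if cert_type == "shared":
        # Option 1: the user picks a single label under the operator domain.
        # Rejecting dots keeps the name exactly one level below SHARED_SUFFIX.
        if not _LABEL.fullmatch(name):
            raise ValueError("shared domain must be one DNS label, no dots")
        host = "%s.%s" % (name, SHARED_SUFFIX)
        return host, host, False          # access URL == domain, no CNAME

    if cert_type == "san":
        # Option 2: the user's own FQDN, CNAMEd to <domain>.<SAN_SUFFIX>.
        labels = name.split(".")
        if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
            raise ValueError("SAN domain must be a fully qualified name")
        return name, "%s.%s" % (name, SAN_SUFFIX), True

    # Option 3 (custom) has no access URL rule on the page, so none is guessed.
    raise ValueError("no access URL rule defined here for %r" % (cert_type,))
```
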

Vendor Provisioning:
[1] Akamai SSL Provisioning API - https://developer.akamai.com/api/luna/config-secure-provisioning-service/overview.html

Using Barbican to generate and upload:
[2] CloudFront SSL API - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
[3] https://docs.maxcdn.com
[4] https://docs.fastly.com/guides/ssl/how-do-i-order-a-paid-ssl-option-or-set-up-free-shared-domain-ssl-for-my-site (Shared Domain)

Blueprint information

Status: Complete
Approver: None
Priority: Medium
Drafter: Amit Gandhi
Direction: Approved
Assignee: Tony Tan
Definition: Approved
Series goal: Accepted for kilo
Implementation: Implemented
Milestone target: kilo-3
Started by: Amit Gandhi
Completed by: Amit Gandhi

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/shared-ssl,n,z

Addressed by: https://review.openstack.org/145282
    add shared_ssl property to domain model

Addressed by: https://review.openstack.org/145365
    Implement Shared SSL domain feature Implements: blueprint shared-ssl

Gerrit topic: https://review.openstack.org/#q,topic:bug/1406579,n,z

Addressed by: https://review.openstack.org/160392
    Add Akamai provider SPS configs Implements blueprint: shared-ssl

Addressed by: https://review.openstack.org/160425
    Add API tests for ssl cert feature

Addressed by: https://review.openstack.org/161294
    Implement SAN and Custom ssl cert Implements blueprint: shared-ssl

Gerrit topic: https://review.openstack.org/#q,topic:SAN-ssl-cert-background,n,z

Gerrit topic: https://review.openstack.org/#q,topic:Custom-ssl-cert,n,z

Gerrit topic: https://review.openstack.org/#q,topic:manual-ssl,n,z

Work Items

Work items:
Implement Shared SSL : TODO
Implement SAN: TODO
Implement Custom Certificates: TODO
Implement Akamai: TODO
Implement Fastly: TODO
Implement MaxCDN: TODO
Implement CloudFront: TODO
