Add a 'manual' Certificate implementation

We should add the ability to paste a CA certificate into the front-end. It should presumably look something like:

AWS_SSLCertificate

Ideally we'd also:

  1. Generate the key/CSR.
  2. Validate the certs(s) in the front-end.
  3. Expunge the key from the front-end DB.
  4. Notify when a certificate is coming due for renewal (this could be implemented as a hosting_probe)

For background, see #2 (closed).