
WIP: Add initial configuration for SmartCard authentication

Hossein Pursultani requested to merge 988-smartcard-support-1 into master

This is the first stab at #988 (closed) and contains experimental code. This MR might be disregarded and superseded by another approach.

Here's a summary of the approach in this MR:

  • Smartcard authentication can be enabled with global.appConfig.smartcard.enabled
  • A default CA is generated in shared-secret, if one is not provided using global.appConfig.smartcard.caSecret. The default value is an extracted pool from https://curl.haxx.se/docs/caextract.html.
  • The relevant configuration is added to gitlab.yml.erb in the unicorn subchart to be picked up by Workhorse.
  • nginx-ingress of unicorn is configured to do the client SSL authentication (it doesn't create a separate server context as described in https://docs.gitlab.com/ee/administration/auth/smartcard.html).

Closes #988 (closed)

Edited by Hossein Pursultani
