Allow certificate generation from CSR #4
Description
If we don't have the private key, it would be nice to be able to sign directly a CSR.
We might need to add to the Element in the state a "Type: local" or "Type: remote" to know if the key is local (= we can read it and issue new certificates any time) or remote (= we have no access to it, we can only sign CSRs when we are presented one).