[FEATURE REQUEST] Add x509 runner module to use in x509_v2 execution module for remote signing #67246
SndR85 started this conversation in Feature Request
Replies: 1 comment
-
I'm wondering if there is any downside of this approach? For now, it's required to let the minion do the signing. I'm wondering if it would make sense to let the master handle the signing without use of a minion process.
-
Is your feature request related to a problem? Please describe.
I would like to be able to handle the Salt master to do the remote signing for signing certificates. Currently it's required to have a minion which is called via peer communication the x509_v2 module to handle the signing on it.

Describe the solution you'd like
I would be able to have and use a runner module on the Salt master which will do the signing of the remote certificate that is requested by the Salt minion. I would be able to set use_runner to a value of True in the x509.certificate_managed state to allow the use of this runner. Also in the peer_run config on the Salt master should be set which minion may request to do the remote signing.

Describe alternatives you've considered
I have created a runner module which handles the signing. I have created a copy of the current x509_v2 execution module and modified it to let the module use the runner module on the master. However, this isn't future proof as I have to keep the module in sync with the upstream module of Salt, which is used by the x509_v2 state.

Additional context
...
Please Note
If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.
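The request above relies on the master's peer_run setting to decide which minions may ask for a signature. The following added example (not part of the original post, and not Salt's own code) audits a peer_run mapping to list which minion IDs could call a signing runner. The runner name `x509_sign.sign_remote` is hypothetical, the sample data is constructed, and the matching model (regex keys for minion IDs, regex lists for runner functions, both tested with `re.match`, which anchors only at the start) is an assumption about how Salt evaluates peer_run.

```python
import re

# Hypothetical runner function name; the post does not name the runner.
SIGN_FUN = "x509_sign.sign_remote"


def allowed_minions(peer_run, minion_ids, fun=SIGN_FUN):
    """Return the sorted minion IDs that peer_run lets call `fun`.

    Assumed semantics: each key is a regex tested against the minion ID,
    each value is a list of regexes tested against the runner function,
    both with re.match (anchored at the start, not at the end).
    """
    allowed = set()
    for id_pattern, fun_patterns in peer_run.items():
        if not isinstance(fun_patterns, list):
            continue  # malformed entry grants nothing
        if not any(re.match(p, fun) for p in fun_patterns):
            continue  # this rule does not cover the signing runner
        allowed.update(m for m in minion_ids if re.match(id_pattern, m))
    return sorted(allowed)


def audit(peer_run, minion_ids, expected, fun=SIGN_FUN):
    """Return minion IDs that can request signing but are not expected to."""
    return [m for m in allowed_minions(peer_run, minion_ids, fun)
            if m not in expected]


# Constructed sample data: accepted minion IDs and two candidate rule sets.
MINIONS = ["web1", "web10", "web1-staging", "db1"]
# Unanchored patterns: "web1" also matches any ID that starts with "web1".
LOOSE = {"web1": ["x509_sign"]}
# Patterns anchored at the end match exactly one minion and one function.
TIGHT = {r"web1$": [r"x509_sign\.sign_remote$"]}

if __name__ == "__main__":
    print("loose rule, unexpected signers:", audit(LOOSE, MINIONS, {"web1"}))
    print("tight rule, unexpected signers:", audit(TIGHT, MINIONS, {"web1"}))
```

Run against the real list of accepted minion IDs, a non-empty result means a peer_run rule grants certificate signing more widely than intended.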