Integrating with `cardano-node`

[tdammers]

In order for the KES Agent to be useful, Nodes must be able to connect to it and receive KES keys and OpCerts.

Steps:

1. Merge PR input-output-hk/ouroboros-network#317 into cardano-base. This PR includes secure forgetting (without which a KES Agent would be useless), as well as direct access to secure (mlocked) key memory (which is necessary so that we can send keys over domain sockets without accidentally storing secrets in unprotected memory, e.g. via intermediate variables living on the GHC stack)
2. Change cardano-node's dependency on cardano-base to a version that includes PR 317. This will require some changes to cardano-node to facilitate the changed KES API, which now requires IO for any access to protected memory (particularly sign keys), and will also propagate to some dependencies.
3. Add kes-agent as a dependency to cardano-node
4. Change cardano-node such that KES keys and OpCerts are no longer loaded from disk, but rather received from a KES Agent, and only stored in mlocked memory (storing OpCerts on disk is acceptable though)

[iquerejeta]

Step 2. depends on IntersectMBO/ouroboros-consensus#558

[tdammers]

Step 1: complete.

Step 2: IntersectMBO/ouroboros-consensus#1374

Step 3: IntersectMBO/ouroboros-consensus#1402

Step 4: will be dealt with in ouroboros-consensus, cardano-node, and cardano-cli.