[CA lifecycle] Re-apply MachineRegistration on updates

[anmazzotti]

This issue is a requirement to allow CA lifecycle management on Elemental machines, but it can also be generalized to simply reapply the MachineRegistration and all of its logic when running upgrades.

In this way not only a CA cert can be renewed, by updating all machines before updating your ingress for example, but it will also enable MachineRegistration's cloud-config update, if needed. We could also have toggles to allow or not updates of certain logic when it makes sense, for example the cloud-config since it could lead to undesirable outcomes.

Note that a requirement for doing this safely is to use OEM partition snapshots, so that any apply change can be rolled back on a failed boot assessment.

[davidcassany]

A generalized view of this ticket should also cover, or at least, be closely related to #849. Probably the upgrades cloud-config mentioned there should be the one from registration. We need to carefully find procedures for applying config changes after deployment, CA lifecycle turns to be a really good use case to analyze.