backdate generated ca and server certs (tinkerbell#130)

## Description

Updates cfssl configs to backdate generated certificates

## Why is this needed

In some cases, a machine being provisioned may not be in time sync with the provisioner. In these cases, linuxkit is unable to download the tink-worker image from the registry because the registry's certificate is in the future. (not yet valid) Setting a backdate of anything over 24hrs will account for differences in timezone between target machine and provisioner.

Fixes: #

## How Has This Been Tested?

These configuration were used to successfully provision multiple bare metal servers.

## How are existing users impacted? What migration steps/scripts do we need?

This should not impact existing users or require mitigation steps.

## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade

Author: mergify[bot]

deploy/compose/generate-tls-certs/ca-config.json

@@ -5,6 +5,7 @@
     },
     "profiles": {
       "server": {
+        "backdate": "48h",
         "expiry": "8760h",
         "usages": [
           "signing",

deploy/compose/generate-tls-certs/ca-csr.json

@@ -1,5 +1,9 @@
 {
   "CN": "Tinkerbell CA",
+  "ca": {
+    "backdate": "48h",
+    "expiry": "8760h"
+  },
   "key": {
     "algo": "ecdsa",
     "size": 256