authentication: separate client keys per suite

[oliver-sanders]

Follow on to #3359

Create client keys per suite and store in the cylc-run directory.

• Client keys only exist for the lifetime of the suite, otherwise they would never be removed which is dangerous.
• Prevent the code from automatically re-generating client keys.
• Move the client keys from ~/.cylc/auth to ~/cylc-run/<SUITE NAME>/.service/auth, simplify directory structure.

[oliver-sanders]

Assigning @wxtim and @datamel to help us prioritise #3444.

[dwsutherland]

Please put this on hold until #3389 is merged, because the network code has been refactored (due to the new PUB/SUB pattern using the same security & logic).

[datamel]

No probs, will hold off until that is all done :)

[hjoliver]

(#3389 is merged)

[oliver-sanders]

Quick question, should we delete keys when the suite shuts-down or is it good enough to override the keys at (re)start?

Once the suite has shutdown I don't think there is a security issue with having the old keys kicking about as there is no longer a server listening, besides they are FS protected anyway. You could make the argument that if someone got access to your keys they could brute force them then use that to decrypt previously captured network traffic, with Cylc this isn't likely to get you anywhere (unless a suite is passing API keys via cylc message or something stupid like that). I think curve has some kinda forward protection which helps prevent this.

[dpmatthews]

I don't think we need to worry about deleting keys (and I can't see any way to do it reliably).