[Deprecation] `certificate-authority.certificate-status` `client-whitelist` / `authorization-required` Settings

[silug]

Summary

client-whitelist and authorization-required in certificate-authority.certificate-status are explicitly deprecated and marked for future removal.

Evidence

• src/clj/puppetlabs/puppetserver/certificate_authority.clj:905 warns settings are deprecated and will be removed.
• src/clj/puppetlabs/puppetserver/certificate_authority.clj:909 repeats warning and indicates settings may be ignored in certain values.

Proposed OpenVox Server 9 Change

• Remove these certificate-status access-control settings.
• Require authorization through conf.d/auth.conf only.

Compatibility / Risk

• Medium to high risk if CA status workflows still depend on these section-level settings.
• Clear migration documentation required.

Implementation Notes

• Remove deprecated settings from CA validation and access-control paths.
• Update CA docs and configuration templates.

Acceptance Criteria

• Deprecated CA certificate-status whitelist settings are no longer accepted.
• Authorization behavior comes only from authorization service/rules.
• Deprecated warning code paths are removed.

Suggested Tests

• Config parsing tests for removed keys.
• CA certificate-status endpoint authorization integration tests.

[silug]

Deprecated in f88c2bf.