Conversation

@c-po
Member

@c-po c-po commented Dec 2, 2025

Change summary

When migrating from VyOS 1.3 to 1.4, OpenVPN interfaces sharing the same certificate (chain) end up getting duplicated certificate entries, one per interface — instead of reusing a single cert if applicable.

This change makes the migration logic detect shared certificates and reuse a single CA and server certificate object, preventing redundant certificate entries in the config.

Adds necessary embedded certificates to validate the migration logic. The CA used was generated using EasyRSA as described in our documentation: https://docs.vyos.io/en/1.3/configuration/interfaces/openvpn.html#generate-x-509-certificate-and-keys

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

How to test / Smoketest result


Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
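The shared-certificate detection described in the change summary, as an added stand-alone illustration that is not VyOS's own migration script: the legacy config layout, the `pki` tree shape, the entry naming and the placeholder PEM strings are constructed assumptions. `dedupe=False` reproduces the pre-fix result (one entry per interface), `dedupe=True` the intended one (one entry per distinct certificate).

```python
import hashlib

# Constructed sample input: three 1.3-style OpenVPN interfaces carrying their
# TLS material inline. The PEM bodies are placeholders, not real certificates.
CA_A = "-----BEGIN CERTIFICATE-----\nCA-A-PLACEHOLDER\n-----END CERTIFICATE-----\n"
SRV_A = "-----BEGIN CERTIFICATE-----\nSERVER-A-PLACEHOLDER\n-----END CERTIFICATE-----\n"
CA_B = "-----BEGIN CERTIFICATE-----\nCA-B-PLACEHOLDER\n-----END CERTIFICATE-----\n"
SRV_B = "-----BEGIN CERTIFICATE-----\nSERVER-B-PLACEHOLDER\n-----END CERTIFICATE-----\n"

LEGACY_INTERFACES = {
    "vtun0": {"ca": CA_A, "cert": SRV_A},
    "vtun1": {"ca": CA_A, "cert": SRV_A},  # same chain as vtun0
    "vtun2": {"ca": CA_B, "cert": SRV_B},  # its own chain
}


def fingerprint(pem: str) -> str:
    """Identify a certificate by hashing its body, ignoring armor lines and wrapping."""
    body = "".join(line.strip() for line in pem.splitlines()
                   if line.strip() and not line.startswith("-----"))
    return hashlib.sha256(body.encode()).hexdigest()


def migrate(interfaces: dict, dedupe: bool = True):
    """Move inline certificates into a 'pki' tree and replace them with name references.

    dedupe=False: one pki entry per interface (the duplicated result the PR fixes).
    dedupe=True:  one pki entry per distinct certificate, reused by every interface
                  whose certificate has the same fingerprint.
    """
    pki = {"ca": {}, "certificate": {}}
    seen = {}  # (kind, fingerprint) -> pki entry name
    migrated = {}
    for ifname, tls in interfaces.items():
        refs = {}
        for kind, key in (("ca", "ca"), ("certificate", "cert")):
            fp = (kind, fingerprint(tls[key]))
            name = seen.get(fp) if dedupe else None
            if name is None:
                # First occurrence of this certificate: create its single pki entry.
                name = f"openvpn_{ifname}_{key}"
                pki[kind][name] = tls[key]
                seen[fp] = name
            refs[key] = name
        migrated[ifname] = {"tls": {"ca-certificate": refs["ca"],
                                    "certificate": refs["cert"]}}
    return pki, migrated
```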

@github-actions

github-actions bot commented Dec 2, 2025

👍
No issues in PR Title / Commit Title

@c-po c-po added bp/sagitta Create automatic backport for sagitta LTS version bp/circinus Create automatic backport for circinus labels Dec 2, 2025
c-po added 2 commits December 2, 2025 07:22
When migrating from VyOS 1.3 to 1.4, OpenVPN interfaces sharing the same
certificate (chain) end up getting duplicated certificate entries, one per
interface — instead of reusing a single cert if applicable.

This change makes the migration logic detect shared certificates and reuse a
single CA and server certificate object, preventing redundant certificate
entries in the config.

This adds necessary embedded certificates to validate the migration logic added
in commit 63cc76f ("openvpn: T7738: avoid duplicate certs during 1.3 -> 1.4
migration").

The CA used was generated using EasyRSA as described in our documentation:
https://docs.vyos.io/en/1.3/configuration/interfaces/openvpn.html#generate-x-509-certificate-and-keys
@c-po c-po force-pushed the openvpn-t7738-migration branch from d14afcd to 97ff827 Compare December 2, 2025 06:22
@github-actions

github-actions bot commented Dec 2, 2025

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests VPP 👍 passed
  • CLI Smoketests (interfaces only) 👍 passed
  • Config tests ❌ failed
  • Config tests VPP 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

Contributor

@natali-rs1985 natali-rs1985 left a comment

test_config_load doesn't like these changes
