REST API endpoints for adding/removing group CA for a top-level group

Overview

It should be possible for a group admin (users that can change group settings) to list/add/remove group CA via REST API.

GET /api/v4/groups/:id/ssh_certificates lists all certificates created for a group
POST /api/v4/groups/:id/ssh_certificates

The endpoint should accept key (public key of CA), title (an arbitrary name for the key) and create Groups::SshCertificate record on a top-level group. The app/services/groups/ssh_certificates/create_service.rb can be extracted from Draft: Support uploading CA files to a group (!126741 - closed). If the group is not a top-level group, the request is rejected (400 or 422). Let's also put this functionality behind a feature flag, so we could release it along with other functionality related to SSH certificates.
DELETE /api/v4/groups/:id/ssh_certificates/:ssh_certificate_id should delete the record. A separate service class may be defined but it's not necessary since it's as simple as certificate.destroy

Add new specs for new GET, POST and DELETE endpoints under ee/spec/requests/groups.

Edited Nov 29, 2023 by Igor Drozdov