Handle reloading of robot certificates
New-style robot certificates have a lifetime of 11.5 days. But because a GraceDb
client instance loads the certificates upon instantiation (and that's it), long-running instances of the client will eventually use an expired certificate (even if a new certificate has since been generated from the keytab). So we need a mechanism for automatically reloading the certificate somehow.