Switch max-lease-ttl -> max_lease_ttl inline with Vault API
docs to ensure that certs can be issued for more than 30 days.
Existing deployments with PKI enabled will be re-tuned to
set max_lease_ttl to 10 years, correcting any existing PKI
enablement.
Certificates must be re-issued to use the TTL as provided
during upload of the signed CSR for an Intermediate certificate.
For deploys using the internally signed Root CA, the root
CA must be re-generated using the 'disable-pki' and
'generate-root-ca' actions.
Change-Id: I6a771090e320404c605d2170c7915c3c22a3ea2c
Closes-Bug: 1788945
6f043bb7ca