Trivup

* `python3 -m trivup.clusters.KafkaCluster ..` now exits with the
interactive shells or --cmd's exit code.

* SslApp now adds subjectAltName=DNS:localhost to broker keystores so that
SSL endpoint verification can be used.

* SslApp now generates an additional unused CA, and a all_cas.pem file
that contains all(both) CA certs. This can be used to verify that CA PEMs
with multiple unrelated CA certs are properly parsed.

* SslApp: use DES encryption instead of RC2 for PKCS12 files, as RC2
is obsoleted (and disabled by default) in OpenSSL 3.
* SslApp: use genpkey instead of deprecated genrsa for generating keys.

* Added Oauthbearer/OIDC ticket server app (by jliunyu, 13)
* Fix race condition in Cluster.start() where it would check if the cluster
was operational after each app.start() rather than after starting all apps.
This only happened if a timeout was provided to Cluster.start()
* Clean up app config from None values. This fixes a case where "None" was
passed to the KafkaBrokerApp deploy script if no kafka_path was specified.
* Clear JMX_PORT env before calling Kafka scripts to avoid
'port already in use' when setting up SCRAM credentials.
* Added tests.

* Initial support for Kafka KRaft (run Kafka without Zookeeper).
Try it with `python3 -m trivup.clusters.KafkaCluster --kraft 2.8.0`
* Support for intermediate and self-signed certificates (by KJTsanaktsidis).