Add "rotate NATS Certificate" job to self update jobs

[RichardBradley]

The "rotate NATS Certificate" job needs to be run at least once a year on control-tower, otherwise the system breaks and is very difficult to recover.

See https://github.com/EngineerBetter/control-tower/blob/master/docs/troubleshooting.md#nats-certificate-is-expired and #334

A job to do this automatically on a set schedule ought to be included out of the box in the "self update" section.

If there is some reason this can't be done automatically, the documentation ought to explain how to set this up manually, so the install doesn't fail yearly.

[BinaryTweedDeej]

Hey @RichardBradley, thanks for your continued engagement. Just checking that you saw on the README that EngineerBetter is no more, and the team that used to work on this has dispersed.

I don't know if @crsimmons, one of the originators, might still be looking at it?

[RichardBradley]

Thanks, yes.

We're still using control-tower, so I've been adding & updating issues partly in case the project gets revived and partly for my own reference.

I suppose eventually we'll need to either fork this or move away (either to another mechanism for hosting Concourse, or to another CI).

Please let me know if you have any recommendations for replacements for control-tower