Cache server certificates for up to 30 min

The server certificates and corresponding keys are encrypted by KMS and stored on GCS. This allows us to easily replace expiring certs without having to roll out a new proxy release. However currently the certificate is obtained as a singleton and used in all connections served by a proxy instance. This means that if we were to upload a new cert, all existing instances will not use it.

This CL makes it so that we only cache the certificate for 30 min, after which a new cert is fetched and decrypted. Local certificates used for testing are still singletons.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=206976318

java/google/registry/proxy/EppProtocolModule.java

@@ -20,7 +20,6 @@ import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoSet;
-import google.registry.proxy.CertificateModule.ServerCertificates;
 import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
 import google.registry.proxy.Protocol.BackendProtocol;
 import google.registry.proxy.Protocol.FrontendProtocol;
@@ -161,9 +160,9 @@ public class EppProtocolModule {
   @EppProtocol
   static SslServerInitializer<NioSocketChannel> provideSslServerInitializer(
       SslProvider sslProvider,
-      @ServerCertificates PrivateKey privateKey,
-      @ServerCertificates X509Certificate... certificates) {
-    return new SslServerInitializer<>(true, sslProvider, privateKey, certificates);
+      Supplier<PrivateKey> privateKeySupplier,
+      Supplier<X509Certificate[]> certificatesSupplier) {
+    return new SslServerInitializer<>(true, sslProvider, privateKeySupplier, certificatesSupplier);
   }
 
   @Provides