Details
- Feature
- Status: Released
- Minor
- Resolution: Fixed
- 2.5.3
- None
Description
Current Situation
For any identity service it is possible to define the Authentication-Scheme as single-factor or two-factor.
When single-factor is defined there are two options.
For the identity service types JOC and VAULT-JOC-ACTIVE it is possible to define the single factor as:
- Password single-factor
- Certificate single-factor
When a second factor is defined, the second factor is always "certificate".
Desired Behavior
For any identity service it is possible to define the Authentication-Scheme as single-factor or two-factor.
When single-factor is defined for JOC and VAULT-JOC-ACTIVE, it is always:
- Password single-factor
A new identity service "certificate" will be introduced.
The identity service will have the attribute "isSecondFactor=true|false".
When isSecondFactor=true then this identity service can be used as a second factor in other identity services.
When isSecondFactor=false then this identity service can be used as a first factor. This means it is sufficient to log in with the certificate.
(Was single-factor + Certificate single-factor=true)
When a second factor is defined in any identity service, the second factor can be selected from a list of all identity services with the type "certificate" that have the attribute isSecondFactor=true.
(Was implicitly chosen by the identity services.)
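
The desired behavior above, expressed as a consistency check over a set of identity service definitions. This is an added example, not code from the product or from this issue: the dictionary layout and the field names "name", "type", "scheme" and "secondFactor" are assumptions, and only the service types, the scheme values and the isSecondFactor attribute are taken from the description.

```python
# Added example. Field names "name", "type", "scheme" and "secondFactor" are
# hypothetical; types, scheme values and isSecondFactor come from the issue text.

def eligible_second_factors(services):
    """Names of "certificate" services that may be selected as a second factor."""
    return [s["name"] for s in services
            if s["type"] == "certificate" and s.get("isSecondFactor") is True]

def can_login_alone(service):
    """True if authenticating against this service alone is sufficient to log in."""
    if service["type"] == "certificate":
        # isSecondFactor=false means the certificate is a first factor.
        return service.get("isSecondFactor") is False
    return service["scheme"] == "single-factor"

def validate(services):
    """Return findings for definitions that break the rules described above."""
    eligible = set(eligible_second_factors(services))
    findings = []
    for s in services:
        if s["type"] == "certificate":
            if not isinstance(s.get("isSecondFactor"), bool):
                findings.append(f'{s["name"]}: isSecondFactor must be true or false')
            continue
        if s["scheme"] == "two-factor":
            second = s.get("secondFactor")
            if second is None:
                findings.append(f'{s["name"]}: two-factor without a second factor selected')
            elif second not in eligible:
                findings.append(f'{s["name"]}: "{second}" is not a certificate '
                                'service with isSecondFactor=true')
    return findings

# Constructed sample definitions (not from a real installation).
SERVICES = [
    {"name": "joc-local", "type": "JOC", "scheme": "two-factor", "secondFactor": "cert-2fa"},
    {"name": "vault", "type": "VAULT-JOC-ACTIVE", "scheme": "two-factor", "secondFactor": "cert-login"},
    {"name": "joc-pw", "type": "JOC", "scheme": "single-factor"},
    {"name": "cert-2fa", "type": "certificate", "isSecondFactor": True},
    {"name": "cert-login", "type": "certificate", "isSecondFactor": False},
]

if __name__ == "__main__":
    print("selectable second factors:", eligible_second_factors(SERVICES))
    for finding in validate(SERVICES):
        print("finding:", finding)
```

In the sample, "vault" is flagged because it selects a certificate service that is configured as a first factor.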