[Deprecation] `Puppet::SSL::Certificate` Class

[silug]

Summary

Puppet::SSL::Certificate is explicitly marked deprecated in favor of Puppet::SSL::SSLProvider.

Evidence

• lib/puppet/ssl/certificate.rb:11 deprecates class and points to Puppet::SSL::SSLProvider.

Proposed OpenVox 9 Change

• Remove Puppet::SSL::Certificate compatibility class.
• Ensure internal certificate operations are mediated through SSL provider APIs.

Compatibility / Risk

• Medium to high risk for plugins or tooling directly instantiating this class.
• Requires migration communication and possibly a transition period strategy.

Implementation Notes

• Inventory call sites for Puppet::SSL::Certificate.
• Convert internal uses first, then remove class.
• Update docs/examples to use SSL provider objects.

Acceptance Criteria

• Deprecated class is removed from core.
• Core SSL workflows (CSR/cert fetch/inspect) remain functional.
• No deprecation references to this class remain in docs/tests.

Suggested Tests

• SSL integration tests for agent/server certificate lifecycle.
• Unit tests around certificate parsing/helpers now routed through supported SSL provider paths.

[binford2k]

deprecated in 3706292