This increases isolation of actions against the node API. With the
previous combined CA approach, each node would have a valid key to talk
to each other node. With this separated approach, only the API servers
will have keys with access to the node APIs.
Change-Id: I2705016eb963ca9d2cc2a344047677f4b2cc3025