hs_pki/design/hs_pki_templates

End user:
	End user split in:
	 - soft stored certs
	 - obfuscated certs
	 - hardware secured certs

	End user:
	 - Client certs (auth)
	 - E-mail certs (signing)
	 - Encryption

	Device:
	 - TLS certs (encr/auth)
	  * server
	  * client
	  * server+client(?)

	All above should be issued per application or generally applications should
	leverage main user certificate