Create and use ephemeral TLS credentials if none are explicitly configured
If the admin asks kresd to listen using TLS, but they haven't given any credentials, we should just create some credentials and try to serve them up.
This makes it much easier to get dns-over-tls working in opportunistic mode immediately (with no configuration needed), and admins can take the next step (with proper persistent credentials) when they have those logistics worked out.