cmd/gomoteserver: add configuration for GTS certificates

This change configures the gomoteserver to generate certificates using
GCP GTS. This only applies to gomotessh.golang.org. The
gomote.golang.org domain certificate is managed by the Kubernetes
cluster.

Change-Id: If8b1b358aa085657d87e1988cabaa67a211af983
Reviewed-on: https://go-review.googlesource.com/c/build/+/641077
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
diff --git a/cmd/gomoteserver/deployment-prod.yaml b/cmd/gomoteserver/deployment-prod.yaml
index 2a9e101..993df57 100644
--- a/cmd/gomoteserver/deployment-prod.yaml
+++ b/cmd/gomoteserver/deployment-prod.yaml
@@ -29,6 +29,9 @@
           - "-listen-https-selfsigned=:444"
           - "-private-host-key=secret:symbolic-datum-552/gomoteserver-private-host-key"
           - "-public-host-key=secret:symbolic-datum-552/gomoteserver-public-host-key"
+          - "-autocert-directory=https://dv.acme-v02.api.pki.goog/directory"
+          - "-autocert-email=go-builders@google.com"
+          - "-autocert-eab=secret:symbolic-datum-552/gomoteserver-certificates-eab"
         ports:
         - containerPort: 80
         - containerPort: 443