It would be useful if Foreman could support setting adding a Puppet CA autosign entry when only using the finish scripts functionality.

Background:
We are using Terraform to provision resources into an Openstack cloud.
As part of the provisioning process, we'd like to register the hosts into Foreman. I've done some work to update the cloud-init-foreman module to support running the finish scripts provided by Foreman, however I've hit an issue whereby Foreman isn't automatically adding an autosign entry on calling '/unattended/finish', even if the host is marked as 'build => true'.

Looking at the code, I can see in unattended_controller.rb#L18, ':handle_ca' is only run when calling '/unattended/provision'.

I'd propose that a feature flag is added to enable/disable ':handle_ca' on finish scripts, and if true, ':handle_ca' is also run when calling '/unattended/finish'.