identity: allow creating a role with a non-existent key

[fairclothjm]

This PR maintains the current behavior in 1.8 by ensuring that a role can be created with a non-existent key. Any change to this behavior would be a breaking change for those dependent on it.

Background

#12151 fixed a bug that allowed a role's token_ttl to be longer than the verification_ttl of the key it references. However that PR introduced a bug that would cause the creation of a role with a non-existent key to fail with the error:

$ vault write identity/oidc/role/role1 key=key1 ttl=1m
Error writing data to identity/oidc/role/role1: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/identity/oidc/role/role1
Code: 400. Errors:

* a role's token ttl cannot be longer than the verification_ttl of the key it references

Since the current plan is to ship #12151 in 1.8.1 then we need to make sure this PR is also shipped in 1.8.1 to maintain backward compatibility with existing behavior.

Additionally, #12208 is planned to be shipped in 1.9 and will enforce the key param and key existence on role creation.

[calvn]

Additionally, #12208 is planned to be shipped in 1.9 and will enforce the key param and key existence on role creation.

Since #12208 is going to disallow this behavior, is this a stopgap in the meantime to avoid raising errors?

[fairclothjm]

Since #12208 is going to disallow this behavior, is this a stopgap in the meantime to avoid raising errors?

@calvn Yes, that is correct. This is to ensure the current behavior until 1.9

[calvn]

This was always the case, up until #12151 was introduced right? Since this is a bug fix for a PR within 1.8.1 and results in no behavioral change from the user, I wonder if we can just pr/no-changelog this one.

[fairclothjm]

Correct, thanks