Description of problem:
RFE - Option to add custom OID or display name in IPA Cert

Something like this should be accepted

Template display name: Foobar Subordinate Certification Authority
Object identifier: <custome oid>

ipa-server-install --external-ca-type=ms-cs --external-ca --subject="O=Foobar 
Corp/OU=Linux Dev/C=US/ST=NY/L=FooBar"

The OID that is created with the above installation options ends up having the
following:

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: O=Foobar Corp/OU=Linux Dev/C=US/ST=NY/L=FooBar, CN=Certificate Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    <REMOVED>
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            1.3.6.1.4.1.311.20.2:
                .
.S.u.b.C.A
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
...

However some companies uses different time of naming convention & needs
different OID. For example something like below might be needed.

Template display name: Foobar Subordinate Certification Authority
Object identifier: <custom oid>

This is only for one environment, too. Two of our other environments do not
share the same OID. Due to these restrictions that we have, a dynamic name and
OID are necessary for us to actually be able to utilize the template field.

Justification:

It is not uncommon for organizations to utilize custom CA templates. They also
said that I may be off base by stating that an OID needs to be set; the
template name may be enough. Currently, though, I am not able to use the IdM
server as a sub CA like the feature --external-ca-type=ms-cs is implying.

Attempting this approach, will help avoiding another offline root CA, if at all possible.