Instead of trusting CSR id published by the node which tries to join the
cluster add a tool which is able to compare exposed CSR with one in caucase
and then decide to accept node in the cluster. This tool does what usual user
would do, and it's logic implemented as a script leads to much simpler profiles.

For sake of clean profiles csr_id has been removed, except when it's used for
self joining of the user to the cluster.