Prefetch TLS cert when miren route set is run

When miren route set links a subdomain to an app, the first request to that URL times out because TLS cert provisioning is triggered lazily on the first connection rather than when the route is configured.

We should kick off the TLS fetch immediately on route set so the cert is ready (or nearly ready) by the time the user opens their browser.