Identity verification method for network function service and related apparatus
US-2022052992-A1 · Feb 17, 2022 · US
US11522721B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11522721-B2 |
| Application number | US-202016842060-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 7, 2020 |
| Priority date | Apr 7, 2020 |
| Publication date | Dec 6, 2022 |
| Grant date | Dec 6, 2022 |
Official abstract text for this publication.
Systems and methods leverage trust anchors to generate tokens which can then be used by network functions (NFs). A virtualization infrastructure manager (VIM) for a virtualized platform receives a NF software package and a certificate request token (CRT) from a management function. The NF is a virtual NF, a containerized NF, or another virtual entity (xNF) to be deployed. The CRT is digitally signed by the management function and includes a network address of a trust anchor platform and a NF profile. The VIM deploys the NF and provides the CRT to the NF. The NF obtains from the CRT the network address of the trust anchor platform, generates a certificate signing request (CSR) for a digital certificate, and submits the CSR and the CRT to the trust anchor platform. The NF receives a digital certificate from the trust anchor platform based on validation of both the CSR and CRT.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: receiving, by a virtualization infrastructure manager (VIM) for a virtualized platform and from a management function of a core network, a software package and a certificate request token (CRT) for a network function, wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform, and wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function; deploying, by the VIM, the network function; providing, by the VIM, the CRT to the network function; obtaining, by the network function and from the CRT, the network address of the trust anchor platform; generating, by the network function, a certificate signing request (CSR) to request a digital certificate; submitting, by the network function and to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR; and receiving, by the network function and based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters.
2. The method of claim 1, further comprising: obtaining, by the management function, a software package for the network function; verifying, by the management function, the authenticity of the software package; generating, by the management function, the CRT; and sending, by the management function and to the VIM, the software package and the CRT.
3. The method of claim 1, further comprising: binding, by the network function and prior to the submitting, the CRT to the CSR.
4. The method of claim 1, wherein the CRT further includes custom information particular to rights granted to the network function.
5. The method of claim 4, wherein the custom information includes one or more of: a type of request, a signature algorithm type, life-cycle management parameters, and a hash value based on the profile.
6. The method of claim 5, further comprising: storing, by the management function and in a database, the hash value associated with an identifier for the network function, wherein the trust anchor platform retrieves the hash value from the database to compare to information in the CRT.
7. The method of claim 1, wherein the CAL customization parameters include a validity time period for the digital certificate.
8. The method of claim 1, further comprising: validating the CRT by the trust anchor platform; and generating the digital certificate by the trust anchor platform after validating the CRT.
9. The method of claim 1, wherein the trust anchor platform includes a public key infrastructure system.
10. A system, comprising: a first network device including a first memory storing first instructions and a first processor configured to execute the first instructions for a virtualization infrastructure manager (VIM) of a virtualized platform to: receive, from a management function of a core network, a software package and a certificate request token (CRT) for a network function, wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform, and wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function, deploy the network function, and provide the CRT to the network function; and a second network device including a second memory storing second instructions and a second processor configured to execute the second instructions for the network function of the virtualized platform to: obtain, from the CRT, the network address of the trust anchor platform, generate a certificate signing request (CSR) to request a digital certificate, submit, to the trust anchor platform, the CSR and the CRT, wherein the CAL customization parameters supersede parameters in the CSR, and receive, based on validation of the CSR and CRT, a digital certificate from the trust anchor platform, wherein the digital certificate includes limitations consistent with the CAL customization parameters.
11. The system of claim 10, further comprising: a third network device including a third memory storing third instructions and a third processor configured to execute the third instructions for the management function to: obtain a software package for the network function; verify the authenticity of the software package; generate the CRT; and send, to the VIM, the software package and the CRT.
12. The system of claim 10, wherein the second processor is further configured to execute the second instructions to: bind the CRT to the CSR prior to the submitting.
13. The system of claim 10, wherein the CRT further includes custom information particular to rights granted to the network function.
14. The system of claim 13, wherein the custom information includes one or more of: a type of request, a signature algorithm type, life-cycle management parameters, and a hash value based on the profile.
15. The system of claim 14, further comprising: a fourth network device including a fourth memory storing fourth instructions and a fourth processor configured to execute the fourth instructions for the trust anchor platform, wherein the first processor is further configured to execute the first instructions to store, in a database, the hash value associated with an identifier for the network function, and wherein the fourth processor is configured to execute the fourth instructions to retrieve the hash value from the database to compare to information in the CRT.
16. The system of claim 10, wherein the CAL customization parameters include a validity time period for the digital certificate.
17. The system of claim 10, further comprising: a fourth network device including a fourth memory storing fourth instructions and a fourth processor configured to execute the fourth instructions for the trust anchor platform to: validate both the CSR and the CRT; and generate the digital certificate after successfully validating the CSR and the CRT.
18. A non-transitory computer-readable medium containing instructions executable by at least one processor, the computer-readable medium comprising one or more instructions for: receiving, by a virtualization infrastructure manager (VIM) for a virtualized platform and from a management function of a core network, a software package and a certificate request token (CRT) for a network function, wherein the network function is one of a virtual network function, a containerized network function, or another virtual entity (xNF) to be deployed on the virtualized platform, and wherein the CRT is digitally signed by the management function and includes a network address of a trust anchor platform for the network function, a profile for the network function, and a Certificate Attribute List (CAL) with customization parameters for the network function; deploying, by the VIM, the network function; providing, by the VIM, the CRT to the network function; o
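The CRT issuance, CSR binding and trust-anchor validation flow from the abstract and claims 1, 3, 6 and 7, as an added Python illustration that is not part of the patent: it uses HMAC-SHA256 with a constructed shared key as a stand-in for the management function's digital signature, and plain dicts in place of real token and certificate formats.

```python
import hashlib
import hmac
import json

# Constructed stand-ins (not from the patent): the management function's signing key
# and its database of profile hashes keyed by NF identifier (claim 6).
MGMT_KEY = b"constructed-management-function-key"
PROFILE_DB = {}

def canonical(obj):
    """Deterministic serialization so signatures and hashes are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(raw):
    # HMAC-SHA256 stands in for the management function's digital signature;
    # a real deployment would use a public-key signature the trust anchor can verify.
    return hmac.new(MGMT_KEY, raw, hashlib.sha256).hexdigest()

def issue_crt(nf_id, trust_anchor_addr, profile, cal):
    """Management function: build and sign the CRT, and record the profile hash."""
    body = {"nf_id": nf_id, "ta_addr": trust_anchor_addr, "profile": profile,
            "cal": cal, "profile_hash": hashlib.sha256(canonical(profile)).hexdigest()}
    PROFILE_DB[nf_id] = body["profile_hash"]
    return {"body": body, "sig": sign(canonical(body))}

def build_csr(crt, subject, requested_validity_days):
    """NF: read the trust anchor address from the CRT and build a CSR bound to it (claim 3)."""
    ta_addr = crt["body"]["ta_addr"]
    csr = {"subject": subject, "validity_days": requested_validity_days,
           "crt_binding": hashlib.sha256(crt["sig"].encode()).hexdigest()}
    return ta_addr, csr

def trust_anchor_issue(csr, crt):
    """Trust anchor: validate CRT and CSR; CAL parameters supersede the CSR's own."""
    body = crt["body"]
    if not hmac.compare_digest(sign(canonical(body)), crt["sig"]):
        return None  # CRT not signed by the management function, or tampered
    if PROFILE_DB.get(body["nf_id"]) != body["profile_hash"]:
        return None  # profile hash differs from what the management function stored
    if csr["crt_binding"] != hashlib.sha256(crt["sig"].encode()).hexdigest():
        return None  # this CSR was not bound to this CRT
    cert = {"subject": csr["subject"], "validity_days": csr["validity_days"]}
    cert.update(body["cal"])  # CAL customization parameters win over CSR parameters
    return cert
```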
involving digital signatures · CPC title
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title