Add a couple OTEL spans for key ACME operations (#42978)

<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #31289

server/mdm/acme/internal/service/account_order.go

@@ -49,6 +49,9 @@ func (s *Service) CreateAccount(ctx context.Context, pathIdentifier string, enro
 }
 
 func (s *Service) CreateOrder(ctx context.Context, enrollment *types.Enrollment, account *types.Account, partialOrder *types.Order) (*types.OrderResponse, error) {
+	ctx, span := tracer.Start(ctx, "acme.service.CreateOrder")
+	defer span.End()
+
 	// authorization is checked in the endpoint implementation for JWS-protected endpoints
 
 	if err := partialOrder.ValidateOrderCreation(enrollment); err != nil {
@@ -130,6 +133,9 @@ func (s *Service) createOrderResponse(
 }
 
 func (s *Service) FinalizeOrder(ctx context.Context, enrollment *types.Enrollment, account *types.Account, orderID uint, csr string) (*types.OrderResponse, error) {
+	ctx, span := tracer.Start(ctx, "acme.service.FinalizeOrder")
+	defer span.End()
+
 	order, authorizations, err := s.store.GetOrderByID(ctx, account.ID, orderID)
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "getting order from datastore")

server/mdm/acme/internal/service/challenge.go

@@ -37,6 +37,9 @@ var (
 )
 
 func (s *Service) ValidateChallenge(ctx context.Context, enrollment *types.Enrollment, account *types.Account, challengeID uint, payload string) (*types.ChallengeResponse, error) {
+	ctx, span := tracer.Start(ctx, "acme.service.ValidateChallenge")
+	defer span.End()
+
 	challenge, err := s.store.GetChallengeByID(ctx, account.ID, challengeID)
 	if err != nil {
 		return nil, ctxerr.Wrap(ctx, err, "getting challenge by ID")

server/mdm/acme/internal/service/service.go

@@ -13,8 +13,12 @@ import (
 	"github.com/fleetdm/fleet/v4/server/mdm/acme/internal/redis_nonces_store"
 	"github.com/fleetdm/fleet/v4/server/mdm/acme/internal/types"
 	"github.com/fleetdm/fleet/v4/server/mdm/internal/commonmdm"
+	"go.opentelemetry.io/otel"
 )
 
+// tracer is an OTEL tracer. It has no-op behavior when OTEL is not enabled.
+var tracer = otel.Tracer("github.com/fleetdm/fleet/v4/server/mdm/acme/internal/service")
+
 // Service is the ACME bounded context service implementation.
 type Service struct {
 	store     types.Datastore