Is Puppet or Chef suitable for managing very basic server config in a multi tenant environment?
Solution 1:
Try Ansible (ansible.cc). May be it is for you. There is no agent running on your clients. It is growing very fast.
Another very good alternative is Salt Stack.
Ansible and Salt are easy to understand, you can use them as a command line tool if you want, like distributed shell.
Solution 2:
Yes, this is certainly possible. Deciding if you should do so or not is up to you though.
Regarding your queries:
1) fair enough. The traffic is ssl based, so certificate management is important. Also don't trust any 'facts' which the client supplies relating to its identity, as these can be altered by the client. You want to rely on the client's ssl certificate to provide the authentication of who the server is. To be honest if you're using things like hiera properly and avoiding huge hostname based if-blocks in your code (which you really should) you'll be fine.
2) It shouldn't be, assuming you keep it patched. Properly configured, there's only a small vector for the puppetmaster to be attacked by the clients. That said, the effects if it did get compromised are large, so take care to lock it down.
3) That's really a testing and deployment issue. If you have solid puppet code, it won't screw your files. It does take a little while to get that sorted, but for the basics (like you need) not long.