Global option `--copy-ext` is not included in UT

[TinCanTech]

While deconstructing the awk/grep/sed soup, I found that --copy-ext is not tested. This means a lot of hairy code has gone untested for some time. Manual testing shows that --copy-ext does work correctly .. to some degree.

--copy-ext, $EASYRSA_EXTRA_EXTS, --san and --req-cn are all intrinsically linked, in unexpected ways. Commands gen-req and sign-req have contradictory results.

Unit testing --copy-ext will help. (This is a reminder - Fixed below)

In particular, I think that openssl-easyrsa.cnf should replace:

# A placeholder to handle the --copy-ext feature:
#%COPY_EXTS%    # Do NOT remove or change this line as --copy-ext support requires it

with

copy_extensions = copy

And remove copy_extensions = copy as required and/or when requested.

This is because: easy-rsa - Simple shell based CA utility.

Simplify ..

The priorities are:

• CA Admin must have ultimate control.
• This includes --san, commonName and fully expanded distinguished name.
• EASYRSA_EXTRA_EXTS must be relegated to undefined. To use EASYRSA_EXTRA_EXTS, the variable must be set to a valid SSL config file syntax, which is beyond the scope of Easy-RSA to control. (SAN has been elevated above this layer)
• --copy-ext should be enabled by default and options, such as --req-cn and --san should take priority over the CSR; with the option to opt out and accept the CSR as-is and then use --copy-ext by default.

You are welcome to help resolve this.

[TinCanTech]

Merged Add --copy-ext test, which addresses the Unit test.

Linked-to: #1093