Add DOE CA certs for client authentication

[felddy]

🗣 Description

This PR adds the certificates required to authenticate Department of Energy PIVs.
It generalizes how certificates are downloaded and processed to make it easier to add additional certificate authorities in the future.

💭 Motivation and context

Changes required to support national labs users who are holders of DOE PIVs.

🧪 Testing

Local testing of certificate downloads. CI test suite.

📷 Screenshots (if appropriate)

✅ Checklist

• [x] This PR has an informative and human-readable title.
• [x] Changes are limited to a single goal - eschew scope creep!
• [x] All relevant type-of-change labels have been added.
• [x] I have read the CONTRIBUTING document.
• [x] These code changes follow cisagov code standards.
• [x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
• [x] All new and existing tests pass.

[jsf9k]

@felddy - regarding your failed builds, the ufw issue is usually resolved by rerunning, possibly multiple times. I haven't yet been able to pin down the cause of it. More important is the "invalid cross-device link" error.