Include challenge password attribute if required by EST server

[mobe1]

The changes introduced come after the issue/feature requrest https://github.com/globalsign/est/issues/30 has been opened. They allow us to enroll a CSR that includes the TLS-unique value as recommended by the RFC 7030

• Because each http client instantiation results in a new TLS-unique, one way of including it would be to make EST requests from the same http client.
• Because the standard crypto/x509 Go package does not handle the challenge password attribute (OID) the way an EST/CA server expects it, the CSR creation had to be wrapped.

[toddgaunt-gs]

Thanks for opening this PR, I'll forward this to my team for review.

[toddgaunt-gs]

[ ] Need to resolve conflicts after upgrading to Go 1.22.1...