letsencrypt / boulder

An ACME-based certificate authority, written in Go.
Mozilla Public License 2.0

wfe: check well-formedness of requested names early #7530

Closed jsha closed 3 weeks ago

jsha commented 4 weeks ago

This allows us to give a user-meaningful error about malformed names early on, instead of propagating internal errors from the new rate limiting system.

This moves the well-formedness logic from WillingToIssue into a new function WellFormedDomainNames, which calls ValidDomain on each name and combines the errors into suberrors if there is more than one. WillingToIssue now calls WellFormedDomainNames to keep the existing behavior. Additionally, WFE calls WellFormedDomainNames before checking rate limits.

This creates a slight behavior change: If an order contains both malformed domain names and well-formed but blocked domain names, suberrors will only be generated for the malformed domain names. This is reflected in the changes to TestWillingToIssue_Wildcard.

Adds a WFE test case for receiving malformed identifiers in a new-order request.

Follows up on #3323 and #7218

Fixes #7526

Some small incidental fixes:

jsha commented 4 weeks ago

Spurious test failure from govulncheck because there's a security release of Go (1.22.4) and (I think) GitHub's concept of the "latest" Go version hasn't updated yet.
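
The check ordering laid out in the pull request description, as an added Go sketch that is not part of the pull request or of Boulder's code: every name is syntax-checked and the failures are combined into suberrors before any policy lookup runs. The `NamesError` type, the `dnsName` pattern (a simplified stand-in for `ValidDomain`), the function signatures and the blocklist contents are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// dnsName is a simplified LDH pattern standing in for Boulder's ValidDomain rules.
var dnsName = regexp.MustCompile(`^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$`)

// NamesError is the combined error; SubErrors is set only when several names fail.
type NamesError struct {
	Detail    string
	SubErrors []error
}
func (e *NamesError) Error() string { return e.Detail }

// wellFormedDomainNames checks every name and aggregates the syntax failures.
func wellFormedDomainNames(names []string) error {
	var subs []error
	for _, n := range names {
		if !dnsName.MatchString(n) {
			subs = append(subs, fmt.Errorf("%q is not a well-formed domain name", n))
		}
	}
	if len(subs) == 0 {
		return nil
	} else if len(subs) == 1 {
		return &NamesError{Detail: subs[0].Error()}
	}
	return &NamesError{Detail: fmt.Sprintf("%d names are malformed", len(subs)), SubErrors: subs}
}

// willingToIssue consults the blocklist only after every name passed the syntax check.
func willingToIssue(names []string, blocked map[string]bool) error {
	if err := wellFormedDomainNames(names); err != nil {
		return err // a mixed order reports malformed names only
	}
	for _, n := range names {
		if blocked[n] {
			return &NamesError{Detail: n + " is blocked by policy"}
		}
	}
	return nil
}

func main() { // constructed order: one malformed name plus one blocked name
	fmt.Println(willingToIssue([]string{"a_b.example", "blocked.example"}, map[string]bool{"blocked.example": true}))
}
```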