This PR adds a generic interface for parsing certificates as part of future trust chain processing.
For now, we only have X.509 parsing, but future PRs will add OpenDice-profiled, CBOR-encoded CWT certificates. While I really, really didn't want to write an X.509 parser, it seems unavoidable as a confluence of:
Cerberus conformance needs it.
No existing X.509 library in Rust is pedantic in the right way; Brian Smith's webpki library is profiled for, well, the Web's PKI, which is a bit incompatible with what we need to do here.
This PR isn't done; I still need to add unit tests and fuzz tests.
In the name of small CLs, fuzz tests and comprehensive parser tests will be in a followup.
Dear reviewer: this PR adds a number of test files and binary files generated from them. I suggest not reviewing anything other than the Rust files and the little script that generates the test data.