Import pkcs12_parse() function from GnuTLS to fix PKCS#12 handling

An immediate effect is that this fixes the checking of cert expiry for
PKCS#12 certificates.

But it also means we can include the full supporting chain of
intermediate CAs (which has to be pre-assembled before we ever call
gnutls_certificate_set_x509_key() and can't be appended later), and we
can use the extra certs from the PKCS#12 file too, which parse_pkcs12()
currently doesn't bother to give us.

The plan is to fix parse_pkcs12(), submit the changes back upstream and
make it an exported function there, then stick a version-conditional on
our local copy and look forward to the day when we can rip it out again.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>