Allow X509Chain to replace the root trust list when building a chain
This enables users of X509Chain to specify a priori a set of trusted root authorities, which is used in place of the default root authorities.
By explicitly specifying the root authorities the caller enables revocation checking for normally untrusted roots, and simplifies the certificate acceptance by having the chain engine tell them if the root matched, vs doing a post-build check (in the case of cross-certified authorities this even tells the chain engine which path to prefer).
Commit migrated from https://github.com/dotnet/corefx/commit/
e70e76159b3f34e4e35d241daf39d4f57f4bd82c