Support importing and finding certificates

[bernard-wagner]

Current it is not possible to load certificates as x509.Certificates from an HSM. It would be beneficial to be able to import and find certificates for supported PKCS11 devices.

CK_OBJECT_CLASS class = CKO_CERTIFICATE;
CK_CERTIFICATE_TYPE certType = CKC_X_509;
CK_UTF8CHAR label[] = “A certificate object”;
CK_BYTE subject[] = {...};
CK_BYTE id[] = {123};
CK_BYTE certificate[] = {...};
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] = {
  {CKA_CLASS, &class, sizeof(class)},
  {CKA_CERTIFICATE_TYPE, &certType, sizeof(certType)};
  {CKA_TOKEN, &true, sizeof(true)},
  {CKA_LABEL, label, sizeof(label)-1},
  {CKA_SUBJECT, subject, sizeof(subject)},
  {CKA_ID, id, sizeof(id)},
  {CKA_VALUE, certificate, sizeof(certificate)}
};

[dmjones]

Finding existing certificates and presenting them as *x509.Certificate objects seems like a reasonable thing to do.

For similar reasons to my comments in #15, I'm not convinced we should add certificate import support. If you can describe potential use cases where using miekg/pkcs11 wouldn't suffice, please let me know.

[dmjones]

Fixed in #53.