x509: CertificateBuilder w\ misuse resistance + best practices support #418
Description
Prior discussion: https://github.com/iqlusioninc/yubikey.rs/pull/348/files/1dd3aa37596f0f60db597b17d77a101d53445ab4#r804122161
One thing that would be nice to have is a builder type for constructing an X.509 certificate which provides a higher-level API aimed at reducing choice and potential errors when constructing certificates.
It could take care of constructing the actual TbsCertificate type, as well as signing that and constructing the final Certificate. It could also own the data for the various fields, allowing the serialization types to borrow them, so it doesn't require a lifetime.
We could potentially use tooling like certlint and/or zlint to ensure that certificates generated by this builder follow best practices.