fix: correctly detect expired cert (vs CA)

[vladimir-mencl-eresearch]

In OpenSSL certificate chain dump, depth=0 corresponds to the leaf (end-entity) certificate (not root CA).

rad_eap_test was incorrectly reporting CA certificate expired for an expired leaf certificate.

Fix the logic by:

• renaming the depth=0 pattern from root_certificate to leaf_certificate
• swapping around whether the pattern should match (certificate) vs should not match (CA certificate)