Refactor CA tests to be table-driven

[jprenken]

In #7700 we removed the RejectLongCommonName test case, but we'd still like to test that the case is handled correctly; "correctly" just no longer means rejecting the CSR.

To get there, we should refactor these CA tests to be table-driven, which will be tidier and give us an elegant way to specify the behaviour we expect.