Support verifying/accessing SCTs inside certificates

[ctz]

If we supported SCTs here we could enable people wanting to do CT verification of the certificates they see.

We could either do this directly by taking a dependency on sct.rs and requiring certificate validation to take a set of sct::Logs. It's more integrated but less flexible.

Alternatively we could let callers access the SCTs given a EndEntityCert and do the verification themselves outside this crate, after they've done other checks.