Conversation

Contributor

@CarolYeh910 CarolYeh910 commented Nov 20, 2025

Goal

Adds new test certificates that will be used to test the certificate intent validation

Why

Uploading a ton of test certs contributes to a huge PR. Thus, I separated it from the next PR that will officially enable the cert intent validation.

How

The test certificates being added are a bit complex, since they can't be self-signed (s2n-tls won't validate the intent of trust anchors) and the extensions of individual certs in the chain need to be modified. Hence, this PR adds a Python script to generate different combinations of the KeyUsage (KU) and ExtendedKeyUsage (EKU) extensions.

Changes overview:

  1. Define a CertChainBuilder class that takes a list of CertConfig and invokes Python’s x509 module to build a certificate chain. Each CertConfig includes an array of ExtensionConfig, which represents a KU/EKU extension of an individual cert in the chain.
  2. Implement a build() method to construct the cert chain (e.g. the current cert must be issued by the previous cert in the chain) and a write() method to store each individual cert, the cert chain, and the private key to a PEM file.
  3. Create a script generate.py to iterate over all the combinations of KU and EKU extensions that will be tested against the cert intent validation API and generate the test certs.

Testing

This PR does not affect existing behaviors. CI should pass.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
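The chain-building procedure described in the PR (a trust anchor, then each cert issued by the previous one, with a KU/EKU extension configured per cert, and a sweep over KU/EKU combinations), as an added illustration that is not the PR's own script or s2n-tls code. It uses the `cryptography` package; the class names mirror the PR description, but the particular KU/EKU choices, the ECDSA P-256 keys, the validity window and the file layout are assumptions made here.

```python
"""Added example (not the PR's script): a minimal cert-chain builder with
per-certificate KU/EKU settings and a KU x EKU combination sweep."""
import datetime
import itertools
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional, Tuple

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

# KU flags we allow a test config to set (encipher/decipher_only stay False).
KU_FLAGS = ("digital_signature", "content_commitment", "key_encipherment",
            "data_encipherment", "key_agreement", "key_cert_sign", "crl_sign")
EKU_NAMES = {ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
             ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth"}


@dataclass
class ExtensionConfig:
    key_usage: Optional[frozenset] = None   # None = omit the KU extension entirely
    ext_key_usage: Optional[tuple] = None   # None = omit the EKU extension entirely


@dataclass
class CertConfig:
    name: str
    is_ca: bool
    ext: ExtensionConfig = field(default_factory=ExtensionConfig)


class CertChainBuilder:
    """configs[0] is the self-signed trust anchor; every later cert is issued by
    the cert before it (assumed layout: root -> intermediates -> leaf)."""

    def __init__(self, configs: List[CertConfig]):
        if not configs or not configs[0].is_ca:
            raise ValueError("chain must start with a CA acting as trust anchor")
        self.configs = configs

    def build(self) -> List[Tuple[x509.Certificate, ec.EllipticCurvePrivateKey]]:
        chain, issuer_cert, issuer_key = [], None, None
        now = datetime.datetime.now(datetime.timezone.utc)
        for cfg in self.configs:
            key = ec.generate_private_key(ec.SECP256R1())
            subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cfg.name)])
            b = (x509.CertificateBuilder()
                 .subject_name(subject)
                 .issuer_name(subject if issuer_cert is None else issuer_cert.subject)
                 .public_key(key.public_key())
                 .serial_number(x509.random_serial_number())
                 .not_valid_before(now - datetime.timedelta(days=1))
                 .not_valid_after(now + datetime.timedelta(days=30))
                 .add_extension(x509.BasicConstraints(ca=cfg.is_ca, path_length=None), critical=True))
            if cfg.ext.key_usage is not None:
                flags = {f: (f in cfg.ext.key_usage) for f in KU_FLAGS}
                b = b.add_extension(x509.KeyUsage(encipher_only=False, decipher_only=False, **flags),
                                    critical=True)
            if cfg.ext.ext_key_usage is not None:
                b = b.add_extension(x509.ExtendedKeyUsage(list(cfg.ext.ext_key_usage)), critical=False)
            # The anchor signs itself; everything else is signed by the previous key.
            cert = b.sign(key if issuer_key is None else issuer_key, hashes.SHA256())
            chain.append((cert, key))
            issuer_cert, issuer_key = cert, key
        return chain

    def write(self, chain, out_dir: Path) -> List[Path]:
        """<name>.pem per cert, chain.pem (leaf first), leaf private key."""
        out_dir.mkdir(parents=True, exist_ok=True)
        pems = [c.public_bytes(serialization.Encoding.PEM) for c, _ in chain]
        paths = []
        for cfg, pem in zip(self.configs, pems):
            paths.append(out_dir / f"{cfg.name}.pem")
            paths[-1].write_bytes(pem)
        paths.append(out_dir / "chain.pem")
        paths[-1].write_bytes(b"".join(reversed(pems)))
        paths.append(out_dir / "leaf_key.pem")
        paths[-1].write_bytes(chain[-1][1].private_bytes(
            serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
            serialization.NoEncryption()))
        return paths


def leaf_extension_combinations() -> List[ExtensionConfig]:
    """Cartesian product of assumed KU and EKU choices for the leaf (16 combos)."""
    ku_choices = [None, frozenset({"digital_signature"}), frozenset({"key_encipherment"}),
                  frozenset({"key_agreement"})]
    eku_choices = [None, (ExtendedKeyUsageOID.SERVER_AUTH,), (ExtendedKeyUsageOID.CLIENT_AUTH,),
                   (ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH)]
    return [ExtensionConfig(ku, eku) for ku, eku in itertools.product(ku_choices, eku_choices)]


def example_builder(leaf_ext: ExtensionConfig) -> CertChainBuilder:
    ca_ext = ExtensionConfig(frozenset({"key_cert_sign", "crl_sign"}))
    return CertChainBuilder([CertConfig("root", True, ca_ext),
                             CertConfig("intermediate", True, ca_ext),
                             CertConfig("leaf", False, leaf_ext)])


def ku_flags(cert) -> Optional[frozenset]:
    try:
        ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
    except x509.ExtensionNotFound:
        return None
    return frozenset(f for f in KU_FLAGS if getattr(ku, f))


def eku_names(cert) -> Optional[tuple]:
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    except x509.ExtensionNotFound:
        return None
    return tuple(EKU_NAMES.get(oid, oid.dotted_string) for oid in eku)


def verify_chain(chain) -> bool:
    """Sanity check: issuer names link up and each signature verifies under the previous key."""
    prev = chain[0][0]
    for cert, _ in chain:
        if cert.issuer != prev.subject:
            return False
        try:
            prev.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                     ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return False
        prev = cert
    return True


if __name__ == "__main__":
    out = Path(tempfile.mkdtemp(prefix="intent-certs-"))
    for i, ext in enumerate(leaf_extension_combinations()):
        builder = example_builder(ext)
        chain = builder.build()
        assert verify_chain(chain)
        builder.write(chain, out / f"combo_{i:02d}")
    print(f"wrote {len(leaf_extension_combinations())} chains under {out}")
```

The root here is self-signed only so the chain has something to terminate in; as the PR notes, s2n-tls does not validate the intent of trust anchors, so the KU/EKU variations that matter live on the non-anchor certs, and the sweep only varies the leaf. `verify_chain` is a local sanity check on the generated files, not the intent validation itself.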

@github-actions github-actions bot added the s2n-core team label Nov 20, 2025
