I've split the existing code in several new functions:
- load_certificates_from_pem (takes pem data as bytes)
- build_certificate_chain (takes a list of Certificates)
- validate_certificate_chain (takes a list of Certificates)
- validate_key (takes pem data as a string)
- validate_key_matches_cert (now takes a pem key string and a Certificate)
- extract_sans (now takes a Certificate)
- validate_end_entity_expired (now takes a Certificate)
- validate_end_entity_not_yet_valid (now takes a Certificate)
When a relevant exception arises, these functions raise a type of TLSValidationError,
these are appended to the list of errors when validating a cert.
