Empty logs sign wrong root hash

[mcpherrinm]

Per @AGWA on https://groups.google.com/a/chromium.org/g/ct-policy/c/v9JzlbphYBs/m/-blS5vMtAgAJ

Note that all cryptographic operations (such as hashes and signatures) are as specified by RFC 6962, so these APIs can be thought of as an alternative encoding format for the same data

at least 10 Sunlight logs have produced STHs with a tree size of 0 and an all-zero root hash, while RFC 6962 specifies that the root hash of an empty tree is the SHA-256 hash of an empty string.