s2n-tls
Add CRL lookup callback
Resolved issues:
Part of https://github.com/aws/s2n-tls/issues/3499
Description of changes:
This PR adds a new async callback, s2n_crl_for_cert, that's triggered in s2n_x509_validator_validate_cert_chain. This callback is triggered once for each received certificate to retrieve all of the required CRLs needed to perform CRL validation. These CRLs are passed to the libcrypto, and a CRL validation check is performed in the existing call to X509_verify_cert.
Call-outs:
No public API was added to set this callback. This, as well as public API documentation, will be added in a future PR, when the CRL feature is finished.
The max_connection_size was increased from 4150 to 4182. This is to account for 4 additional pointers added to s2n_connection:
- crl_for_cert
- data_for_crl_for_cert
- crl_stack in s2n_x509_validator
- crl_for_cert_contexts in s2n_x509_validator
Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?
- New unit tests were added in s2n_x509_validator_test that test this callback and related helper functions.
Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.