pkictl

Add env var to override default_days

Open ruimarinho opened this issue 9 years ago • 1 comments

This is interesting so that you can have a root CA signing certificates valid for a certain validity (e.g. default_days = 5478 (~15 years)), which would work for intermediate CAs, but at the same time allow itself to have a longer validity (e.g. 30 years).

PKICTL_CA_DAYS=10957 ./pkictl rootca sign

ruimarinho Apr 14 '15 00:04

Thanks for your contributions! Just now getting around to reviewing these PRs. I haven't had a chance to test these yet but a couple of first glance questions:

  1. I'm curious about how you use this particular function and why you need to switch default_days on the fly like this? My original thought was to keep as much as possible in configuration files to encourage a configuration-file-per-cert type of workflow and minimize CL complexity. If you notice, most of my configurable CL options are regarding modifying OpenSSL actions/behavior (extensions, policy) instead of run-of-the-mill configuration items regarding the certification artifacts themselves.
  2. This idea is still mostly compatible with that type of workflow, but the lack of a default value for this variable is going to cause issues I think; won't it fail when null?
  3. Also, if I'm not mistaken, CL options in openssl override config file options, which would mean that one would need to always supply PKICTL_CA_DAYS on the CL or in env vars every time you sign (because otherwise the value is null). By hardcoding that in, the same setting in the config file is ignored and that seems to be the opposite of what I want.

Thoughts?

clemtibs May 09 '15 23:05
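An added sketch (not pkictl's code, and not from either commenter) of one way to address points 2 and 3 above: pass `-days` to `openssl ca` only when `PKICTL_CA_DAYS` is set and valid, so that `default_days` in the configuration file still applies otherwise. The helper names `ca_days_args` and `sign_cmd` and the file paths are hypothetical.

```shell
#!/bin/sh
# Added illustration; not pkictl's code. Helper names are hypothetical.

# Print the extra `openssl ca` arguments for the validity period.
#   PKICTL_CA_DAYS unset or empty   -> print nothing, so default_days from
#                                      the config file stays in effect
#   PKICTL_CA_DAYS positive integer -> print "-days N"
#   anything else                   -> message on stderr, return 1
ca_days_args() {
    days=${PKICTL_CA_DAYS:-}
    [ -z "$days" ] && return 0
    case $days in
        *[!0-9]*|0*)
            # non-digits, zero, or leading zeros: refuse rather than let a
            # typo silently produce an unintended certificate lifetime
            echo "PKICTL_CA_DAYS must be a positive integer, got: $days" >&2
            return 1
            ;;
    esac
    printf '%s\n' "-days $days"
}

# Build (and print, rather than execute) the signing command line.
# $1 = config file, $2 = CSR, $3 = output certificate (constructed paths).
sign_cmd() {
    extra=$(ca_days_args) || return 1
    # $extra is deliberately unquoted: it is either empty or the two
    # words "-days N", and must disappear entirely when empty.
    echo openssl ca -config "$1" $extra -in "$2" -out "$3"
}

# Demonstration in subshells so the caller's environment is untouched.
( unset PKICTL_CA_DAYS; sign_cmd ca.conf req.csr cert.pem )
( PKICTL_CA_DAYS=10957; sign_cmd ca.conf req.csr cert.pem )
```

Rejecting malformed values before they reach `openssl ca` matters for a root CA, where a mistyped lifetime ends up in a long-lived signed certificate.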