Add support for revoking certificates not inside the state directory

[hlandau]

Currently in order to revoke a certificate not registered inside the state directory, you have to import it first, and optionally its private key. The ability to specify a certificate and key file not inside the state directory would be nice.