Add lints and metrics to show that linting works

[aarongable]

We can add a custom lint which, for example, rejects all certs for "lintreject.radianttest.org". Then we can have our automated issuance testing try to issue for that name, and confirm that it gets rejected by pre-issuance linting.

We should also add a metric which counts how often certs are rejected due to failing pre-issuance linting, and alert if that metric ever goes above zero (or above whatever the rate of the automated testing above is).

[jsha]

A refinement on the idea above: our metric should be parameterized by which lint fails, so we can check that the "caught by lint" rate is ==0, excluding the lintreject check.