checked_redis_source: use more efficient SQL query

[jsha]

Right now checked_redis_source uses sa.SelectCertificateStatus to get a status to check against. However, it only needs a few fields: status, revokedReason, and revokedAt. We can make our query only touch those fields, reducing bytes read from disk and transferred.

[aarongable]

I'm going to expose the new SA.GetCertificateStatus2 (name pending) method both as a method on the SA object and as a gRPC method. This way we can experiment with having the ocsp-responder talk to the database via the SA, rather than via its own direct database connection, which will allow us to simplify some network and firewall configuration.