letsencrypt
Add AlreadyRevoked handling to revokedCertificates table inserts
Within sa.addRevokedCertificate, detect if the insert failed due to a duplicate primary key, and return berrors.AlreadyRevoked in that case. This matches the behavior of sa.RevokeCertificate when an update to the certificateStatus table modifies no rows.
This change has no immediate impact, because addRevokedCertificate is only called after RevokeCertificate's update to the certificateStatus table has succeeded: if the first operation returns AlreadyRevoked, this code is never reached. However, we plan to remove the certificateStatus table in the future, so this code will need to return AlreadyRevoked when appropriate.
Part of https://github.com/letsencrypt/boulder/issues/8322
[!WARNING] ~~Do not merge before https://github.com/letsencrypt/boulder/pull/8427~~ Do not merge before IN-11835 is complete
I've updated this PR to make the serials index unique, and then rely on detecting duplicate inserts, like the first draft. I've updated IN-11835 to indicate that the new index should be unique. I think that including the index update in this PR, rather than as a predecessor PR that must be deployed first, is fine because the inserts into this table are still actually protected by the updates to the certificateStatus table. PTAnotherL?