Configure aggregate-crls to include/exclude different CRLReasons

[jcjones]

RFC 5280 defines an extension CRLReason:

id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }

CRLReason ::= ENUMERATED {
     unspecified             (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
     removeFromCRL           (8),
     privilegeWithdrawn      (9),
     aACompromise           (10) }

We should be able to configure include/exclude filters as to which reasons should be considered included for CRLite. Be sure that one of the options is the "extension not set" option.