feature request: function to read certificate expiration date

[lesinigo]

It would be good to have a function to read certificate expiration date.

My use case would be along these lines:

• if certificate expires more than X days in the future, do nothing
• if it expires less than or equal to X days in the future, notify an exec that would delete the certificate file and its key
• then openssl::certificate::x509 (which I'd mark to require the exec before it, to force correct ordering) would simply re-generate a new key and a new cert
• then anything subscribing openssl::certificate::x509 would take care of application reloads and the like