
Change method of generating Certificate dates and serial numbers #631

Open
philipianpearce opened this issue Sep 9, 2020 · 4 comments

@philipianpearce
Contributor

philipianpearce commented Sep 9, 2020

Update certificate generation. Possibly set start_date to 1st January 00:01 of the current year and lifetime to +390 days, and use the start date as part of the hash to create the serial no. This would automatically make sure that the up-to-date cert is used. See #624. For implementation in v5.5. Afternote: missed for v5.5 - will do in v5.6.dev

@philipianpearce
Contributor Author

Will test implementation in v5.6.dev and then retro-fix to v5.5.

philipianpearce added a commit that referenced this issue Apr 12, 2024
When generating Serial numbers from host names a hash of the rootCA,
start_date and end_date is added to the CN to produce a unique serial
number.  This means that the serial number for a host will change if
the rootCA or start/end date is changed.  This will force a re-generation
of the certificate.

The generated cert store should be cleared to remove the now stale
certificates previously generated.
@philipianpearce
Contributor Author

philipianpearce commented Apr 12, 2024

Further investigation shows that the browsers only enforce the 1 year limit on server certificates for public CA roots, so this limitation does not apply to e2g MITM as we are using corporate private rootCA.

However, we do need a method of re-generating server certs, whenever the rootCA or the begin or end date changes.

philipianpearce added a commit that referenced this issue Apr 12, 2024
When generating Serial numbers from host names a hash of the rootCA,
start_date and end_date is added to the CN to produce a unique serial
number.  This means that the serial number for a host will change if
the rootCA or start/end date is changed.  This will force a re-generation
of the certificate.

The generated cert store should be cleared to remove the now stale
certificates previously generated.
@philipianpearce
Contributor Author

philipianpearce commented Apr 12, 2024

When generating Serial numbers from host names a hash of the rootCA,
start_date and end_date is now added to the CN to produce a unique serial
number. This means that the serial number for a host will change if
the rootCA or start/end date is changed. This will force a re-generation
of the certificate.

The generated cert store should be cleared to remove the now stale
certificates previously generated. This is to conserve disk inode space.

(The cert cache will contain a cert file for every host accessed via MITM.
On most systems this will be many 10's of 1,000's. As most of the certs will be regenerated
with a new serial number and a new cert file, failing to clear the cache may result in the
file system running out of inodes.)

Implemented in v5.6.dev and v5.5.
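The serial-derivation scheme this comment describes (a hash of the root CA and the validity window folded into each host's serial so that any change forces regeneration) together with the stale-cache concern, as an added Python example; this is not e2guardian's own code. The field layout fed to the hash, the choice of SHA-256, the cache file naming and the regeneration check are this example's own assumptions, and the root CA bytes and dates below are constructed sample inputs.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample inputs (not a real CA; stands in for the root CA DER bytes).
ROOT_CA_DER = b"-- constructed stand-in for the root CA certificate DER --"
START_DATE = int(datetime(2024, 4, 1, tzinfo=timezone.utc).timestamp())
END_DATE = START_DATE + 390 * 86400


def cert_serial(host, root_ca_der, start_date, end_date):
    """Deterministic per-host serial derived from the host name, the root CA
    bytes and the validity window (layout is this example's own choice).

    Changing the root CA or either date changes the serial, which is what
    forces a fresh leaf certificate to be generated for the host."""
    h = hashlib.sha256()
    # Length-prefix every field so that shifting bytes between neighbouring
    # fields cannot produce the same hash input.
    for field in (host.lower().encode(), root_ca_der,
                  str(start_date).encode(), str(end_date).encode()):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    digest = h.digest()
    # RFC 5280 requires a positive INTEGER of at most 20 octets; taking 19
    # bytes leaves room for DER's leading 0x00 when the top bit is set.
    serial = int.from_bytes(digest[:19], "big")
    return serial or 1  # serial must be positive; zero is astronomically unlikely


def cache_filename(host, serial):
    """Cache file name that embeds the serial, so a changed serial is visible
    from the directory listing alone (naming is an assumption of this example)."""
    return f"{host.lower()}-{serial:038x}.pem"


_NAME_RE = re.compile(r"^(?P<host>.+)-(?P<serial>[0-9a-f]{38})\.pem$")


def stale_entries(cached_names, root_ca_der, start_date, end_date):
    """Return the cache file names whose serial no longer matches what the
    current root CA and validity window would produce.  These are the files
    that would otherwise sit unused and consume inodes."""
    stale = []
    for name in cached_names:
        m = _NAME_RE.match(name)
        if m is None:
            stale.append(name)  # unrecognised layout: treat as stale
            continue
        expected = cert_serial(m["host"], root_ca_der, start_date, end_date)
        if int(m["serial"], 16) != expected:
            stale.append(name)
    return stale


if __name__ == "__main__":
    hosts = ["example.com", "mail.example.net"]
    old_start = START_DATE - 30 * 86400
    cached = [cache_filename(h, cert_serial(h, ROOT_CA_DER, old_start, END_DATE))
              for h in hosts]
    print("cached before start_date change:", cached)
    print("stale after start_date change:",
          stale_entries(cached, ROOT_CA_DER, START_DATE, END_DATE))
```

Running the script shows every cached file flagged as stale once start_date moves, which is the situation the comment warns about: the new serials mean new files, and the old ones stay on disk unless the cache is cleared.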

@philipianpearce
Contributor Author

Also note change of default generatedcertstart value to 1711926000 (= 1st April 2024)
