
Add support for external account binding; add OCSP responder #19

Merged (3 commits), Aug 4, 2020

Conversation

felixfontein (Collaborator)

Two features in the ACME test container that I need in order to add tests for code yet to be written for ansible-collections/community.crypto#89 (external account binding for acme_account) and ansible-collections/community.crypto#30 (OCSP revocation checking for certificate).

The Pebble upgrade is essentially just bumping to a newer version and adding some new config options. It works fine with the existing tests; I didn't try out the new features yet.

I've tested the OCSP part with the OpenSSL CLI (ansible-collections/community.crypto@main...felixfontein:ocsp-test):

```
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: FF193F9527F879BB02B86E819C5236E7A9A3D8D1
          Issuer Key Hash: 1389463A5353BC31EB9838FC58670B0D5BC15EE4
          Serial Number: 0C5ED410847F3723
    Request Extensions:
        OCSP Nonce: 
            0410C2DF45FF51051DB19CC666053509B294
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: 1389463A5353BC31EB9838FC58670B0D5BC15EE4
    Produced At: Jul 27 15:14:25 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: FF193F9527F879BB02B86E819C5236E7A9A3D8D1
      Issuer Key Hash: 1389463A5353BC31EB9838FC58670B0D5BC15EE4
      Serial Number: 0C5ED410847F3723
    Cert Status: good
    This Update: Jul 27 15:14:25 2020 GMT

    Response Extensions:
        OCSP Nonce: 
            0410C2DF45FF51051DB19CC666053509B294
    Signature Algorithm: sha256WithRSAEncryption
         aa:22:c8:41:9d:41:d4:81:da:eb:2c:e9:7a:16:f2:3e:42:bb:
         8a:2c:98:75:a0:73:62:40:b1:47:a9:8d:9a:7b:5b:74:5b:5c:
         96:bf:e6:17:ba:29:99:72:6b:6e:a9:e3:73:f8:1b:1c:ff:ee:
         be:00:ee:e3:5a:b8:a8:b6:22:31:92:3e:d5:aa:6e:65:d3:d4:
         48:2c:2a:bf:65:50:48:98:32:7c:ed:11:61:4b:2a:f7:b9:d3:
         4a:09:26:de:5c:b4:33:ee:8a:ba:e8:2b:7f:1a:1c:8b:76:21:
         78:af:12:8c:06:31:0d:32:9d:e9:82:2a:39:c3:85:5d:8e:7f:
         db:97:3d:f7:b1:1c:3e:2e:2a:d9:93:4d:89:95:29:5d:a1:ac:
         7d:54:1a:be:fc:52:76:b0:3a:f2:63:cd:9b:15:11:8f:e0:be:
         79:37:ca:ac:05:67:f2:b1:97:9e:9c:10:de:6d:3f:bb:4f:69:
         ca:30:df:e3:7c:e4:b5:4c:ff:d9:a6:c6:10:fe:89:f3:00:02:
         b6:96:dc:36:cd:c3:c4:fd:74:f5:56:c4:a4:d3:e8:00:97:01:
         c9:1e:90:b4:d9:22:c4:d6:84:34:1f:35:51:36:bc:84:79:cd:
         a3:9b:e0:84:0c:db:12:3e:69:2c:08:d0:5e:78:70:70:2e:81:
         11:49:9e:87
/root/ansible_collections/community/crypto/tests/output/.tmp/output_dir/cert-8.pem: good
        This Update: Jul 27 15:14:25 2020 GMT
```

For a revoked cert:

```
OCSP Request Data:
    Version: 1 (0x0)
    Requestor List:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: AB1B106511DDD3ABC56DAE3E32BE8804F9338733
          Issuer Key Hash: 264C6220053CE41307DF3F9DA4CD39EB4A8CEDFE
          Serial Number: 733FBCE13BD7D861
    Request Extensions:
        OCSP Nonce: 
            0410A80B2F2C96EAE6B2B518DF460C7F60C8
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: 264C6220053CE41307DF3F9DA4CD39EB4A8CEDFE
    Produced At: Jul 27 15:34:06 2020 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: AB1B106511DDD3ABC56DAE3E32BE8804F9338733
      Issuer Key Hash: 264C6220053CE41307DF3F9DA4CD39EB4A8CEDFE
      Serial Number: 733FBCE13BD7D861
    Cert Status: revoked
    Revocation Time: Jul 27 15:34:06 2020 GMT
    Revocation Reason: unspecified (0x0)
    This Update: Jul 27 15:34:06 2020 GMT

    Response Extensions:
        OCSP Nonce: 
            0410A80B2F2C96EAE6B2B518DF460C7F60C8
    Signature Algorithm: sha256WithRSAEncryption
         85:f9:34:4e:be:86:36:23:a7:aa:f5:3e:aa:86:2c:3e:83:dc:
         d7:b9:a0:6b:db:4f:0e:c6:4e:8f:0d:b3:0f:c6:e2:8e:d6:2a:
         00:93:ad:6e:f2:79:02:d3:fc:80:e6:80:e5:7f:7f:0a:1c:00:
         cf:3c:54:3a:d3:6b:92:5e:e0:6e:81:e1:a5:73:46:d6:5d:6d:
         ed:b4:e3:c5:3b:09:e8:69:9b:98:fb:37:eb:55:21:d7:d7:2c:
         ea:79:40:1f:3d:09:4c:f5:7f:05:8a:32:ee:88:85:4a:46:9f:
         fb:49:24:b5:9c:d0:b6:13:b2:80:33:77:b0:b0:91:a4:90:de:
         63:36:9f:81:1a:f9:f6:17:62:a2:d9:f3:dd:af:1b:6e:70:6a:
         d7:34:89:7d:e9:b3:a4:6f:00:25:cc:2a:e5:93:3b:03:1d:29:
         b6:45:61:80:26:97:2b:45:ff:00:73:71:33:60:6e:96:87:77:
         af:07:51:58:ae:b8:19:08:a5:a2:14:49:89:05:78:3b:df:a7:
         e1:ff:86:31:15:90:d5:d5:fe:c9:ae:be:5b:cd:dd:fe:40:f2:
         e7:81:4a:1f:f2:98:ef:70:b5:21:e2:42:56:0a:42:5a:60:42:
         dc:1c:34:8a:e0:dd:44:4d:db:91:d4:ac:07:af:9c:e4:30:cf:
         76:67:21:f9
/root/ansible_collections/community/crypto/tests/output/.tmp/output_dir/cert-3.pem: revoked
        This Update: Jul 27 15:34:06 2020 GMT
        Reason: unspecified
        Revocation Time: Jul 27 15:34:06 2020 GMT
```
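
The two dumps above are what `openssl ocsp -text` prints for a request/response pair: a sha1 certificate ID (issuer name hash, issuer key hash, serial), a nonce that the responder echoes back, a status of `good` or `revoked`, and a signature by the issuer key (Responder Id equals Issuer Key Hash). The script below reproduces that whole exchange offline with nothing but the OpenSSL CLI. It is an added example, not code from this PR, from Pebble or from community.crypto: a throwaway CA issues two leaf certificates, one is recorded as revoked in an `index.txt` CA database, and `openssl ocsp` plays both the client (`-reqout`/`-respin`) and the responder (`-index`/`-reqin`/`-respout`). All names, serial numbers, the fixed revocation time and the file layout are choices made for this example.

```shell
#!/bin/sh
# Offline OCSP round trip with the OpenSSL CLI (added example, not the PR's
# test code). A throwaway CA issues two leaf certificates, one of them is
# entered as revoked in an `index.txt` CA database, and `openssl ocsp` then
# plays both the client and the responder, so no network responder is needed.
# Names, serials, the revocation timestamp and paths are example choices.
set -eu

# Issue one leaf certificate. $1 = work dir, $2 = leaf name, $3 = serial.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2.example" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -set_serial "$3" -days 7 -out "$1/$2.crt" 2>/dev/null
}

# Create the CA, the two leaves and the status database in a fresh temporary
# directory; print that directory so callers can reuse it.
ocsp_setup() {
  work=$(mktemp -d)
  # The CA key also signs the OCSP responses, which is why "Responder Id"
  # equals "Issuer Key Hash" in the dumps above.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Example OCSP Test CA" \
    -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
  issue_leaf "$work" good 0x1001
  issue_leaf "$work" revoked 0x1002
  # Status database in the `openssl ca` index format, tab separated:
  # status, expiry, revocation time[,reason], serial (hex), file, subject.
  # `openssl ocsp` finds rows by serial and reads the status and revocation
  # columns; the expiry column is a placeholder value in this example.
  printf 'V\t300101000000Z\t\t1001\tunknown\t/CN=good.example\n' \
    > "$work/index.txt"
  printf 'R\t300101000000Z\t200727153406Z,keyCompromise\t1002\tunknown\t/CN=revoked.example\n' \
    >> "$work/index.txt"
  printf '%s\n' "$work"
}

# Ask for the status of one leaf: build a request with a nonce, answer it from
# the index, verify the answer, and print the status word.
# $1 = work dir from ocsp_setup, $2 = leaf name (good or revoked).
ocsp_status() {
  work=$1
  leaf=$2
  # Client: the request (sha1 certificate ID plus a nonce, as in the dumps
  # above) is written to a file instead of being POSTed to a responder.
  openssl ocsp -issuer "$work/ca.crt" -cert "$work/$leaf.crt" \
    -reqout "$work/$leaf.req" >/dev/null 2>&1
  # Responder: answer the stored request from the index, signed with the CA
  # key. -CAfile only matters if this OpenSSL build also verifies the
  # response it just produced.
  openssl ocsp -index "$work/index.txt" -CA "$work/ca.crt" \
    -rsigner "$work/ca.crt" -rkey "$work/ca.key" -CAfile "$work/ca.crt" \
    -reqin "$work/$leaf.req" -respout "$work/$leaf.resp" -ndays 1 \
    >/dev/null 2>&1
  # Client again: verify the signature against the CA, check that the nonce
  # from the stored request was echoed, and pull the status out of the text.
  openssl ocsp -reqin "$work/$leaf.req" -respin "$work/$leaf.resp" \
    -CAfile "$work/ca.crt" -resp_text > "$work/$leaf.txt" 2>&1
  grep -q 'Response verify OK' "$work/$leaf.txt"
  sed -n 's/^ *Cert Status: //p' "$work/$leaf.txt"
}

WORK=$(ocsp_setup)
for leaf in good revoked; do
  printf '%s.crt: %s\n' "$leaf" "$(ocsp_status "$WORK" "$leaf")"
done
```

The `-reqin`/`-respin` pairing in the last step is deliberate: if the verification run rebuilt the request from `-cert`, it would carry a fresh nonce and `openssl ocsp` would reject the stored response with a nonce error, which is exactly the replay protection the nonce exists for.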

mattclay merged commit d9d9b1e into ansible:master on Aug 4, 2020
felixfontein deleted the external-account-binding-ocsp branch on August 4, 2020 17:36

felixfontein (Collaborator, Author)

@mattclay thanks a lot for merging and releasing!
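
The other feature in the title, external account binding, is what the acme_account work in ansible-collections/community.crypto#89 needs from the container: a CA that insists on an `externalAccountBinding` field in newAccount. Per RFC 8555 section 7.3.4 that field is an HS256 JWS whose protected header carries the CA-issued key identifier and the newAccount URL, whose payload is the account's public JWK, and whose MAC key is the base64url-decoded secret the CA handed out. The script below builds and checks such a binding with the OpenSSL CLI. It is an added example, not code from this PR, from Pebble or from community.crypto; the key identifier `kid-1`, the MAC key and the account JWK are constructed test values (the JWK coordinates are the P-256 example key from RFC 7515 appendix A.3), and the newAccount URL is assumed to be Pebble's default `https://localhost:14000/sign-me-up`.

```shell
#!/bin/sh
# External account binding (RFC 8555 section 7.3.4) built from the shell.
# Added example, not the PR's, Pebble's or community.crypto's code. The kid,
# MAC key, account JWK and newAccount URL below are example values.
set -eu

b64url_encode() {            # stdin -> base64url without padding
  openssl base64 -A | tr '+/' '-_' | tr -d '='
}

b64url_decode() {            # $1 = base64url -> raw bytes on stdout
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | openssl base64 -d -A
}

# HMAC-SHA256 over the JWS signing input, keyed with the decoded MAC key.
# $1 = "<protected>.<payload>", $2 = MAC key as base64url.
eab_sign() {
  hexkey=$(b64url_decode "$2" | od -An -v -tx1 | tr -d ' \n')
  printf '%s' "$1" \
    | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$hexkey" -binary \
    | b64url_encode
}

# Assemble the EAB JWS that goes into newAccount's "externalAccountBinding".
# $1 = key identifier, $2 = MAC key (base64url), $3 = newAccount URL,
# $4 = account public key as a JWK JSON string (same JWK as the outer JWS).
eab_jws() {
  protected=$(printf '{"alg":"HS256","kid":"%s","url":"%s"}' "$1" "$3" | b64url_encode)
  payload=$(printf '%s' "$4" | b64url_encode)
  signature=$(eab_sign "$protected.$payload" "$2")
  printf '{"protected":"%s","payload":"%s","signature":"%s"}\n' \
    "$protected" "$payload" "$signature"
}

jws_field() {                # $1 = JWS JSON, $2 = field name -> value
  printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# What the CA does on receipt: recompute the MAC with the key registered for
# the kid and compare. Returns 0 if the binding checks out, 1 otherwise.
# (A real server compares MACs in constant time; the string test is only for
# the example.)
eab_verify() {
  p=$(jws_field "$1" protected)
  l=$(jws_field "$1" payload)
  s=$(jws_field "$1" signature)
  [ -n "$s" ] && [ "$(eab_sign "$p.$l" "$2")" = "$s" ]
}

EAB_KID="kid-1"
EAB_KEY="example_eab-mac-key-00012345678_abcdefghABCDEFGHijklmnopIJKLMNOP"
NEW_ACCOUNT_URL="https://localhost:14000/sign-me-up"
ACCOUNT_JWK='{"crv":"P-256","kty":"EC","x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU","y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}'

EAB=$(eab_jws "$EAB_KID" "$EAB_KEY" "$NEW_ACCOUNT_URL" "$ACCOUNT_JWK")
printf '%s\n' "$EAB"
if eab_verify "$EAB" "$EAB_KEY"; then
  printf 'binding verifies with the MAC key registered for %s\n' "$EAB_KID"
else
  printf 'binding does NOT verify\n'
fi
```

Two details worth noting when wiring this into a client: the `url` in the protected header must be the newAccount URL itself, and the payload must be byte-for-byte the same JWK the outer newAccount JWS presents in its `jwk` header, otherwise the server's recomputed MAC will not match.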
