(#2848) CSR subjectAltNames handling while signing.
49334ff2256a (Unpublished)

Description

(#2848) CSR subjectAltNames handling while signing.

The puppet cert application now supports the --allow-subject-alt-names command
line flag to specify that the certificate to sign should contain a
subjectAltName extension request.

If the option is not specified, an attempt to sign a certificate with alt
names will fail. Similarly, if the option is specified, an attempt to sign a
certificate without alt names will fail.

The latter behavior is deliberate, and is intended to help stop users from
developing a habit of always supplying the option, and thus accidentally
signing a dangerous certificate without realizing it when one comes along.

It also adds the --subject-alt-name option that will add a subjectAltName
extension request to a CSR when it is generated. This allows an additional
service to be bootstrapped with those names.

Generally only one of the two options should be required, as the CSR and the
signing process are distinct.

Mostly by Nick Lewis, additional code by Daniel Pittman

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
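
The signing rule described in the commit message above, as an added Ruby sketch using the standard `openssl` library; it is not Puppet's code and not part of this commit. The helper names (`build_csr`, `requested_alt_names`, `check_signing_policy`), the `SigningRefused` class, and the hostnames a caller passes in are assumptions made for illustration.

```ruby
require 'openssl'

class SigningRefused < StandardError; end

# Build a PEM CSR; alt_names become a subjectAltName extension request.
def build_csr(common_name, alt_names = [])
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', common_name]])
  csr.public_key = key.public_key
  unless alt_names.empty?
    san = OpenSSL::X509::ExtensionFactory.new.create_extension(
      'subjectAltName', alt_names.map { |n| "DNS:#{n}" }.join(','))
    ext_req = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([san])])
    csr.add_attribute(OpenSSL::X509::Attribute.new('extReq', ext_req))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256')).to_pem
end

# Return the subjectAltName entries requested in a PEM CSR (empty if none).
def requested_alt_names(csr_pem)
  csr = OpenSSL::X509::Request.new(csr_pem)
  raise SigningRefused, 'CSR signature does not verify' unless csr.verify(csr.public_key)
  csr.attributes.select { |a| a.oid == 'extReq' }.flat_map do |attr|
    attr.value.value.flat_map(&:value) # Set -> Sequence -> individual extensions
  end.map { |e| OpenSSL::X509::Extension.new(e.to_der) }
     .select { |ext| ext.oid == 'subjectAltName' }
     .flat_map { |ext| ext.value.split(/\s*,\s*/) }
end

# Refuse unless the operator's flag matches what the CSR actually requests.
def check_signing_policy(csr_pem, allow_alt_names)
  names = requested_alt_names(csr_pem)
  if names.any? && !allow_alt_names
    raise SigningRefused, "CSR requests alt names (#{names.join(', ')}) but they were not allowed"
  elsif names.empty? && allow_alt_names
    raise SigningRefused, 'alt names were allowed but the CSR requests none'
  end
  names
end
```
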

Details

Provenance
Nick Lewis <nick@puppetlabs.com> Authored on
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU5f2af934ad87: (#2848) List subject alt names in output of puppet cert --list
Branches
Unknown
Tags
Unknown

Event Timeline

Nick Lewis <nick@puppetlabs.com> committed rPU49334ff2256a: (#2848) CSR subjectAltNames handling while signing. (authored by Nick Lewis <nick@puppetlabs.com>). Oct 22 2011, 12:51 AM