Allow a master to bootstrap itself with dns_alt_names and autosign
When using autosign, a puppet master which is also a CA will attempt to
autosign its certificate request via the normal autosign process, rather
than its typical bootstrap process. Thus, the puppet master would
inadvertently refuse to sign its own certificate request if the CSR
contained DNS alt names. This changes the CA to allow DNS alt names in a
CSR if that CSR is for the certname of the master on which the CA is
running.