(#15595) Offer better errors for certificate validation errors
The verify_callback callback gets an OpenSSL::SSL::SSLContext for each
certificate in the chain that's verified. If the verification failed,
then SSL provides a nice error to the callback, but that error doesn't
appear in the subsequent OpenSSL::SSL::SSLError.
This patch uses a technique similar to that used for peer_certs to
collect those errors and then add them to the Puppet::Error message
later.
Remove the guess at the error (time sync).