Option to specify CRL Distribution Point. #2612
Description
Is your feature request related to a problem? Please describe.
If a certificate is compromised or has a mistake, it must be revoked. To check if a certificate is revoked we can use a Certificate Revocation List — CRL.
The problem is that currently it is not possible to specify CRL Distribution Points. CRL has certain issues (wiki), but for organisations using cert-manager internally it will work fine.
Describe the solution you'd like
Desired CDP must be specified in certificate.yaml:
crlDistributionPoints:
- http://example.com
Then we check for it in the Sign function and add the CDP field to the certificate.
Describe alternatives you've considered
Our organization requires all issued certificates to include a CRL distribution point. Another possible solution would be OCSP, but implementing CRL is more straightforward.
Related issues and discussions
#1282, #392, #839
/kind feature
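Added example, not code from the issue or from cert-manager: it shows how the requested crlDistributionPoints list maps onto the CRLDistributionPoints field of Go's x509.Certificate template at signing time, then re-parses the DER to confirm the extension is present. The function name IssueWithCDP, the in-process throwaway CA and the subject name are assumptions; the URL is the constructed one from the issue.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// IssueWithCDP does what a Sign function would do after reading crlDistributionPoints from
// the Certificate resource: it copies the URLs into the x509 template so the signed leaf
// carries the CDP extension (OID 2.5.29.31). A throwaway P-256 CA is generated in-process.
func IssueWithCDP(commonName string, cdpURLs []string) (*x509.Certificate, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	ca := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal CA"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: commonName},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
		CRLDistributionPoints: cdpURLs, // each URL is encoded as a DistributionPoint URI
	}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der) // re-parse so callers check what relying parties see
}

func main() {
	cert, err := IssueWithCDP("svc.internal.example", []string{"http://example.com"})
	if err != nil {
		panic(err)
	}
	fmt.Println("CRL distribution points:", cert.CRLDistributionPoints)
}
```

With an empty list the extension is omitted entirely, so an issuance policy check can simply reject certificates whose parsed CRLDistributionPoints is empty.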