Add certSANs template function to extract Subject Alternative Names from certificates #6057

@mzdeb

Is your feature request related to a problem? Please describe.

When external-secrets syncs certificates from providers (e.g. Vault PKI), users often need to extract the Subject Alternative Names (SANs) — the DNS names, IP addresses, email addresses or URIs that a certificate covers. Today there is no way to do this within ESO templating. Users have to run external scripts or add sidecar containers to parse PEM certificates and extract SANs, which adds operational complexity and breaks the declarative model.

Describe the solution you'd like

Add a new certSANs template function that accepts a PEM-encoded certificate string and returns a []string of all SANs. It should:

  1. Parse a single PEM certificate and return DNS names, IP addresses, email addresses, and URIs.
  2. Compose naturally with existing functions like filterPEM, filterCertChain, join, index, and toJson.
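
A sketch of what the requested function could look like, added here as an illustration and not taken from the issue or from the external-secrets code base. It uses only the Go standard library; the function body, the error messages, the `sampleCert` helper and its SAN values are assumptions constructed for the demo, and the output order (DNS, IP, e-mail, URI) simply follows the list above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"net/url"
	"time"
)

// certSANs (hypothetical sketch): parse one PEM certificate and return its
// SANs in the order DNS names, IP addresses, e-mail addresses, URIs.
func certSANs(pemCert string) ([]string, error) {
	block, _ := pem.Decode([]byte(pemCert))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("certSANs: input is not a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes) // parses only, no chain validation
	if err != nil {
		return nil, fmt.Errorf("certSANs: %w", err)
	}
	sans := append([]string{}, cert.DNSNames...)
	for _, ip := range cert.IPAddresses {
		sans = append(sans, ip.String())
	}
	sans = append(sans, cert.EmailAddresses...)
	for _, u := range cert.URIs {
		sans = append(sans, u.String())
	}
	return sans, nil
}

// sampleCert returns a constructed self-signed certificate (demo data only).
func sampleCert() string {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{"app.example.org"}, IPAddresses: []net.IP{net.ParseIP("192.0.2.10")},
		EmailAddresses: []string{"ops@example.org"},
		URIs:           []*url.URL{{Scheme: "spiffe", Host: "example.org", Path: "/app"}},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}
func main() { fmt.Println(certSANs(sampleCert())) }
```

`x509.ParseCertificate` does not verify the signature or the chain, so the returned names are what the certificate claims, not what a verifier would accept.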

Labels: kind/feature, triage/pending-triage

Status: Done