update ca_is_ca citations, language, expand test coverage

[mhyder13]

Overview

• Updated the citation strings for lint_ca_is_ca
• Added a comment with the current version of the requirement language and historical references for every previous version of the Baseline Requirements
• Added some new test cases to cover the checkApplies() and an (incorrectly encoded) explicit false for isCa in the basic constraints
  • That checkApplies() probably looks odd at first glance, but it's more sane than it appears. If there's no basic constraints extension included at all, zlint will interpret the cert as a server certificate and flag it for e_sub_cert_key_usage_cert_sign_bit_set instead. That's defensible enough, since it is a server cert with certSign set, and it means there's no detection gap here.
  • Fundamentally, this lint is a bit of an oddball trying to detect improperly encoded intention from only the resulting certificate which is always going to be somewhat of a guessing game, so I decided not to pitch any changes to its detection logic.
• Refactored tests into a table-driven test based on previous feedback

Documentation References

(Fragment links should go directly to the sections.)

• v1.0 Appendix B
• v1.2.5 Appendix B
• v1.3.0 §7.1.2.1
• v1.3.0 §7.1.2.2
• v1.8.7 §7.1.2.1 & §7.1.2.2
• v2.0.0 §7.1.2.1.4
• v2.0.0 §7.1.2.10.4
• v2.2.6 §7.1.2.1.4
• v2.0.0 §7.1.2.10.4

[christopher-henderson]

Thank you very much for your ongoing effort on tracking down the historical migrations of CABF!