
Cert-checker: Ignore incorrect PSL checks #3599

Closed
cpu opened this issue Mar 27, 2018 · 0 comments · Fixed by #3600

Comments

cpu (Contributor) commented Mar 27, 2018

globalsign/certlint, used by cmd/cert-checker, improperly flags certificates that have SANs equal to a private entry in the public suffix list as faulty, producing output like:

{u'fafe28b753a2e612d0221f85a1543af71a9c': {u'valid': False, u'problems': [u'Certificate CommonName "dev-myqnapcloud.com" equals "dev-myqnapcloud.com" from the public suffix list', u'Certificate subjectAltName "*.dev-myqnapcloud.com" equals "dev-myqnapcloud.com" from the public suffix list', u'Certificate subjectAltName "dev-myqnapcloud.com" equals "dev-myqnapcloud.com" from the public suffix list']}

See globalsign/certlint#17

Like OCSP Must Staple and the Subj. CN check, we should ignore this error in cert-checker while the problem is addressed upstream:

```go
		// commonName has been deprecated for years, but common practice is still
		// to include it for compatibility reasons. For instance, Chrome on macOS
		// until very recently would error on an empty Subject (which is what we
		// would have if we omitted CommonName). There have been proposals at
		// CA/Browser Forum for an alternate contentless field whose purpose would
		// just be to make Subject non-empty, but so far they have not been
		// successful. If the check error is `certlintCNError`, ignore it.
		if err.Error() == certlintCNError {
			continue
		}
		// Certlint doesn't presently understand the RFC 7633 OCSP Must Staple
		// extension. While this is unaddressed in the upstream library we ignore
		// this error like we ignore `certlintCNError`.
		if err.Error() == certlintOCSPMustStapleError {
			continue
		}
```
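A worked illustration of the distinction behind this issue, added here as example code rather than Boulder's or certlint's own implementation. It assumes a constructed excerpt in the Public Suffix List file format (the entries are made up for this example; the real list lives at https://publicsuffix.org/list/), parses it while tracking the ICANN and PRIVATE section markers, and then filters certlint problem strings of the form quoted above: a name equal to a PRIVATE-section entry is dropped, while a match against an ICANN suffix such as co.uk (the case the check exists to catch) and every other message are kept. The names ParsePSL, Lookup and FilterProblems are this example's, not the project's; the list's wildcard and exception rules are deliberately not handled.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// samplePSL is a constructed excerpt in the PSL file format, NOT the real list.
// Rules before "// ===BEGIN PRIVATE DOMAINS===" are ICANN suffixes; rules after
// it are private entries that registrants submit for their own registrable domains.
const samplePSL = `// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
// constructed entries for this example
dev-myqnapcloud.com
myqnapcloud.com
// ===END PRIVATE DOMAINS===
`

// Section records which part of the list a rule came from.
type Section int

const (
	NotListed Section = iota
	ICANN
	Private
)

// PSL maps each plain rule (lower-cased) to its section. Wildcard ("*.foo")
// and exception ("!bar.foo") rules are out of scope for this example.
type PSL map[string]Section

// ParsePSL reads list text, switching section on the BEGIN markers so that
// every rule is tagged with where it came from; comments and blanks are skipped.
func ParsePSL(text string) PSL {
	psl := PSL{}
	section := ICANN
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case strings.HasPrefix(line, "// ===BEGIN PRIVATE DOMAINS==="):
			section = Private
		case strings.HasPrefix(line, "// ===BEGIN ICANN DOMAINS==="):
			section = ICANN
		case line == "" || strings.HasPrefix(line, "//"):
			continue
		default:
			psl[strings.ToLower(line)] = section
		}
	}
	return psl
}

// Lookup returns the section of the rule exactly equal to name, ignoring case
// and a trailing dot; NotListed when there is no such rule.
func (p PSL) Lookup(name string) Section {
	return p[strings.ToLower(strings.TrimSuffix(name, "."))]
}

// pslProblem matches the certlint message shape quoted in the issue and
// captures the list entry the certificate name was compared against.
var pslProblem = regexp.MustCompile(`equals "([^"]+)" from the public suffix list$`)

// FilterProblems drops problems that only complain about a name equal to a
// PRIVATE-section entry (a registrable domain, so issuance is fine). Matches
// against ICANN suffixes and every other problem string are kept.
func FilterProblems(psl PSL, problems []string) []string {
	var kept []string
	for _, prob := range problems {
		if m := pslProblem.FindStringSubmatch(prob); m != nil && psl.Lookup(m[1]) == Private {
			continue
		}
		kept = append(kept, prob)
	}
	return kept
}

func main() {
	psl := ParsePSL(samplePSL)
	// The first two strings are from the issue's output; the last two are constructed.
	problems := []string{
		`Certificate CommonName "dev-myqnapcloud.com" equals "dev-myqnapcloud.com" from the public suffix list`,
		`Certificate subjectAltName "*.dev-myqnapcloud.com" equals "dev-myqnapcloud.com" from the public suffix list`,
		`Certificate subjectAltName "co.uk" equals "co.uk" from the public suffix list`,
		`Certificate subjectAltName "bad name" is not a valid DNS name (constructed)`,
	}
	for _, p := range FilterProblems(psl, problems) {
		fmt.Println("still a problem:", p)
	}
}
```

Only the two myqnapcloud complaints disappear; the co.uk match survives because issuing for an ICANN public suffix is exactly what the check should reject, and the unrelated problem is untouched. Matching on the problem text is what the quoted cert-checker code already does for the CN and Must-Staple cases, so a filter like this slots in beside those two comparisons.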
