We switched to using `doc_auto_cfg` to automatically indicate in
Rustdocs when an item requires a particular feature. This comment about
the `dns_name::DnsName` re-export requiring alloc isn't necessary
anymore.

We switched to `doc_auto_cfg` and don't need to manually annotate
`cfg(feature ...)` annotations for docsrs purposes anymore.

This is what most consumers of the API are interested in, and avoids
needing to export the `GeneralDnsNameRef` and `WildcardDnsNameRef`
types.

We can express this test with the `expect_cert_dns_names` helper.

Prior to this commit the rustdoc comment on `EndEntityCert.dns_names`
mentioned using `verify_is_valid_for_dns_name` and
`verify_is_valid_for_at_least_one_dns_name`, but these functions don't
exist anymore.

This commit updates the comment to point to
`EndEntityCert::verify_is_valid_for_subject_name`, and does so with
a proper Rustdoc link so that future updates will be caught by `cargo
doc` if we forget to fix this reference to match.

The purpose of the `dns_names` helper on an `EndEntityCert` is to
provide users the opportunity to get information on the dNSName SAN
values in a certificate for **non-validation** purposes. Checking that
a certificate is valid for a particular name should always be done with
`verify_is_valid_for_at_least_one_dns_name`.

With that use-case in mind, we can make the `dns_names` helper easier
for consumers to use by filtering out invalid general names, returning
an `Iterator<Item = &'a str>` unconditionally, instead of
a `Result`. This better matches the updated name validation semantics
where we ignore `MalformedDnsIdentifier` errors to continue to try to
find a valid name to validate against.

With the update to the `dns_names` function in the previous commit we
can now make `EndEntity.dns_names` work without requiring `alloc`.

Avoid combinator chaining, use explicit `match`.

The From impl feels a little unidiomatic because the DnsNameRef is not
consumed. An AsRef impl would unnecessarily constrain the lifetime of
the output value to `&self`, whereas it can live as long as `'a`.

The From impl feels a little unidiomatic because the WildcardDnsNameRef is
not consumed. An AsRef impl would unnecessarily constrain the lifetime of
the output value to `&self`, whereas it can live as long as `'a`.

The From impl feels a little unidiomatic because the GeneralDnsNameRef is
not consumed. An AsRef impl would unnecessarily constrain the lifetime of
the output value to `&self`, whereas it can live as long as `'a`.

This commit lifts the free-standing `list_cert_dns_names` helper from
the `subject_name` module to be associated with a `Cert`. Doing so also
requires making the `subject_name::NameIterator` and
`subject_name::WildcardDnsNameRef` `pub(crate)` visible.