When signing a request for an intermediate CA using --subca-len=N:

For a Sub-CA, the current method to apply 'pathlen:N' to CA basicConstraints
over-writes all user set basicConstraints.

Replace that with an awk script which reads the current x509-types/ca file;
selects the last occurence of 'basicConstraints' (As does OpenSSL) and then
prints that line, with ", pathlen:$EASYRSA_SUBCA_LEN" appended, into the
temporary x509-types/ca file.

If no CA basicConstraint is found then exit with an error. Reason:

Easy-RSA default CA basicConstrain will always be defined. If that is changed
by the user, who then attempts to use Easy-RSA to append 'pathlen' then that
is an error. Easy-RSA must not insert a default when the default has been
deliberately removed.

Closes: OpenVPN#691 - Original bug report.
Closes: OpenVPN#692 - First use of awk as a solution. [Credit]

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Move show_host() to cleanup() and only call it when die() was called.
This allows for confirm() Aborted to exit without extended error data.

Move detect_host after options processing. Allows for use of options.
eg: --verbose

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>