Fix checking expiration of X.509 certificates

[illia-v]

Description

not_valid_after is a naïve datetime representing a moment in UTC. It should not be compared to a naïve datetime representing the current local date and time.

Also, the value is inclusive.

https://cryptography.io/en/3.4.6/x509/reference.html#cryptography.x509.Certificate.not_valid_after

[codecov]

Codecov Report

Merging #6678 (5966c86) into master (4d77ddd) will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #6678   +/-   ##
=======================================
  Coverage   70.47%   70.47%           
=======================================
  Files         138      138           
  Lines       16494    16494           
  Branches     2073     2073           
=======================================
  Hits        11624    11624           
  Misses       4668     4668           
  Partials      202      202           

Flag	Coverage Δ
unittests	70.47% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
celery/security/certificate.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4d77ddd...5966c86. Read the comment docs.

[lgtm-com]

This pull request introduces 1 alert and fixes 1 when merging 5966c86 into 4d77ddd - view on LGTM.com

new alerts:

• 1 for Module is imported with 'import' and 'import from'

fixed alerts:

• 1 for Unused import