fix(verification): allow configuring old CAs for verification#2736

Merged
jiparis merged 7 commits intochainloop-dev:mainfrom
jiparis:PFM-4411
Feb 13, 2026

Conversation

Member

@jiparis jiparis commented Feb 12, 2026

Support configuring expired CAs (not revoked) to verify attestations signed in the past. Those signatures were valid at the time those CAs were valid. Note that timestamp (TSA) signature verification is still happening (and essential for these cases).

Without this patch, any expired CA would cause a runtime error, preventing chainloop from starting.

certificate_authorities:
  - file_ca: # <-- this might be expired but still valid for verification of old signatures
      cert_path: ${FILE_CA_CERT_PATH:../../tmp/cert.pem}
      key_path: ${FILE_CA_KEY_PATH:../../tmp/key.pem}
      key_pass: chainloop
  - issuer: true
    file_ca:
      cert_path: ${FILE_CA_CERT_PATH:../../devel/devkeys/ca.pub}
      key_path: ${FILE_CA_KEY_PATH:../../devel/devkeys/ca.pem}
      key_pass: chainloop

Verification with an expired CA is now possible:

✗ cldev wf run describe --id 5d26d431-c406-43dc-92c2-b580a2ef4a6d
DBG using config file path="/Users/jiparis/Library/Application Support/chainloop/config.devel.toml"
WRN API contacted in insecure mode
WRN Both user credentials and $CHAINLOOP_TOKEN set. Ignoring $CHAINLOOP_TOKEN.
┌────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Workflow                                                                                                                                           │
├─────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ ID                          │ b3c301a9-298d-4e9d-af0f-4928927792cf                                                                                 │
│ Name                        │ mywf                                                                                                                 │
│ Team                        │                                                                                                                      │
│ Project                     │ my-project                                                                                                           │
│ Version                     │ v1.75.0+next (prerelease)                                                                                            │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Workflow Run                │                                                                                                                      │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ ID                          │ 5d26d431-c406-43dc-92c2-b580a2ef4a6d                                                                                 │
│ Initialized At              │ 09 Feb 26 10:49 UTC                                                                                                  │
│ Finished At                 │ 09 Feb 26 10:49 UTC                                                                                                  │
│ State                       │ success                                                                                                              │
│ Policy Status               │ passed                                                                                                               │
│ Runner Link                 │                                                                                                                      │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Statement                   │                                                                                                                      │
├─────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Payload Type                │ application/vnd.in-toto+json                                                                                         │
│ Digest                      │ sha256:1eb71fe31b0bb764d801b49bd1f554b3a11f818620aed33371c384e5a2e93523                                              │
│ Verified                    │ true                                                                                                                 │
│ Policies violation strategy │ ENFORCED                                                                                                             │
│ Policy enforcement bypassed │ false                                                                                                                │
│ Attestation View URL        │ http://localhost:3000/u/my-org/workflow-runs/sha256:1eb71fe31b0bb764d801b49bd1f554b3a11f818620aed33371c384e5a2e93523 │
└─────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Fixes #2716

Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
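An added example, not Chainloop's own code, of the rule the description relies on: a certificate chain is checked against the configured CA as of the moment the signature was made (the time a trusted TSA timestamp attests to), not as of now. The CA and signing certificate are generated in memory with a validity window that ended a year ago; `signedAt` stands in for the timestamp extracted from the verified TSA token, whose own verification is assumed to happen separately.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"time"
)

// must aborts on error; every key and cert here is generated in memory for the example.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// buildExpiredChain creates a self-signed CA and a leaf it issued, both valid from
// two years ago until one year ago: the "expired but not revoked" CA case above.
func buildExpiredChain() (ca, leaf *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	notBefore := time.Now().Add(-2 * 365 * 24 * time.Hour)
	notAfter := time.Now().Add(-365 * 24 * time.Hour)
	caTpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter,
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(
		rand.Reader, caTpl, caTpl, &caKey.PublicKey, caKey))))
	leafTpl := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: notBefore, NotAfter: notAfter}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(
		rand.Reader, leafTpl, ca, &leafKey.PublicKey, caKey))))
	return ca, leaf
}

// verifyAt checks that leaf chains to the configured CA as of signedAt (the instant
// a trusted TSA timestamp says the signature was produced) rather than time.Now().
// It does not validate the timestamp token itself; that remains a mandatory step.
func verifyAt(ca, leaf *x509.Certificate, signedAt time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: signedAt,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}
```

Verifying at `time.Now()` fails with an expiry error, which is the pre-patch behaviour; verifying at a time inside the CA's original window succeeds, and a timestamp after the CA expired still fails.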
@jiparis jiparis requested review from javirln and migmartri February 12, 2026 17:26
javirln
javirln previously approved these changes Feb 12, 2026
@jiparis jiparis merged commit b821f4b into chainloop-dev:main Feb 13, 2026
13 checks passed
@jiparis jiparis deleted the PFM-4411 branch February 13, 2026 11:09
Development

Successfully merging this pull request may close these issues.

Allow verification with expired CAs