Add expected reason check to checkocsp

[yuriks]

We have automatic probing on OCSP responses, but it doesn't assert the revocation reason, which would've possibly caught #4880. checkocsp should have an (optional) flag to assert on that field so we can enable it in our probing.

(Side note: would be handy to make expected-status optional too so it's a bit more convenient to use the tool interactively.)

[aarongable]

@yuriks re the side note: it looks like -expect-status is optional (it has a default value of 0, to expect status=Good). Are you wanting a different default, different behavior, or just better documentation of that default value in the usage string?

[yuriks]

@aarongable It defaults to 0 (because all Go flags have defaults), but that behavior is to expect a Good status, instead of not expecting any particular status at all. This is mostly annoying because it causes checkocsp to not print out the parsed response in that case, so it's a bit of a chore when used interactively. (I'd probably be ok with making it print the parsed response always but keep returning the process error code as it does now.)