Fix key usage for issued certificates

[haydentherapper]

The key usage should be Digital Signature, not Key Cert Sign. The latter
requires that isCA also be asserted. The certificate's key is only used
to verify signatures, not certificates.

Note that this does not affect the GCP CA.

Signed-off-by: Hayden Blauzvern hblauzvern@google.com

Summary

Ticket Link

Fixes #550

Release Note

Fixed key usage for issued certificates not from GCP CA Service

[haydentherapper]

@cpanato - We're going to want to cut a release with this fix before rolling out the new CA to production.

[codecov-commenter]

Codecov Report

Merging #549 (573705c) into main (851d95a) will not change coverage.
The diff coverage is 0.00%.

@@           Coverage Diff           @@
##             main     #549   +/-   ##
=======================================
  Coverage   35.47%   35.47%           
=======================================
  Files          18       18           
  Lines        1415     1415           
=======================================
  Hits          502      502           
  Misses        853      853           
  Partials       60       60           

Impacted Files	Coverage Δ
pkg/ca/x509ca/common.go	3.53% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 851d95a...573705c. Read the comment docs.