Add opinionated handling of certificates with empty SubjectName fields

[str4d]

Suggested by @tarcieri. This would enable CommonName to be omitted from a certificate. However, before exposing this in x509::write::tbs_certificate (making either issuer or subject optional), we should ensure that we are still generating valid certificates. It appears that an empty Subject is valid under RFC 5280, but is not guaranteed to be compatible (and e.g. a non-empty CN is currently required under CA/B rules).

[tarcieri]

I believe a certificate with an empty subject also needs a critical SAN to be valid.

The alternative to an empty subject which my understanding is more compatible is including something in the subject to make it non-empty. I believe dnQualifier has been (ab)used for this purpose (set to e.g. a random nonce).

[str4d]

Recent updates:

• As of Add support for hierarchical SubjectName and IssuerName fields #4 we now take a &[] instead of &str, so it is now possible to serialize a certificate with empty subject or issuer fields.
• As of Add support for certificate extensions #3 we support certificate extensions, but we don't yet have built-in support for SANs.

So the remaining work is to either add SAN support (and then require either a subject or SAN), or translate an empty subject into a non-empty field.