Generate sample revoked DACs and PAI certs for 0xFFF1 vendor ID

[tcarmelveilleux]

Need to generate CRLs for revocation testing.

• 3x DACs with different serial numbers for VID 0xFFF1, PID 0x8001

  • Signing PAI is ./credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-Cert.pem and /credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-Key.pem
  • Issue the DACs with that PAI
  • Revoke them
  • Create a CRL for the PAI that includes the 3 revoked DACs

• Create 1 new PAI with the test VID=FFF1 PAA (./credentials/development/paa-root-certs/Chip-Test-PAA-FFF1-Cert.pem and ./credentials/test/attestation/Chip-Test-PAA-FFF1-Key.pem

  • Issue a DAC with that PAI for PID 0x8001
  • Revoke the PAI
  • Create a CRL for the PAA that includes that new PAI's cert

The CRLs will need to be hosted permanently in a CDN. The CRLs need to list a reasonably long NextUpdate time.

[tcarmelveilleux]

FYI @CBonnell

[shubhamdp]

Also add a set of CRLs and certs for the indirect CRL signing use cases.

Please see #36838 (review) for more details

[shubhamdp]

Checklist:

• CRL signed using PAA delegated CRL signer
• CRL signed using PAI delegated CRL signer
• CRL with Issuing Distribution Point CRL extension with the matching GeneralName URI (da_revocation: sample revoked DACs and PAI certs for VID:0xFFF1 PID:0x8001 #36838 (comment))
• CRL with Certificate Issuer CRL entry extension, each entry has the extension
• CRL with Certificate Issuer CRL entry extension, only first entry has the extension