All publicly-exposed attributes of a `Certificate` can now be set during construction, rather than needing to feed in data via a PEM-encoded certificate data. This will be important for relaying information from SCMs for error/verification reporting. These attributes make use of Djblets's new `UNSET` symbol and `Unsettable[T]` type, helping to differentiate between a value not yet supplied/computed and a `None` result from not having a source for the value on access. All validity timezones are now timezone-aware. We assert this when provided during construction, and normalize when loading from PEM data. There's a new function for determining if the `Certificate` represents a wildcard cert (checking for a `*` in the domain). This will be used in cert storage in an upcoming change. Unit tests have also been fleshed out, giving us 100% test coverage for `cert.py`.