All publicly-exposed attributes of a Certificate can now be set during

construction, rather than needing to feed in data via a PEM-encoded

certificate data. This will be important for relaying information from

SCMs for error/verification reporting.
These attributes make use of Djblets's new UNSET symbol and

Unsettable[T] type, helping to differentiate between a value not yet

supplied/computed and a None result from not having a source for the

value on access.
All validity timezones are now timezone-aware. We assert this when

provided during construction, and normalize when loading from PEM data.
There's a new function for determining if the Certificate represents

a wildcard cert (checking for a * in the domain). This will be used in

cert storage in an upcoming change.
Unit tests have also been fleshed out, giving us 100% test coverage for

cert.py.

Unit tests pass.