NTS does not work with wildcard certificates
When an NTS server is configured with a wildcard certificate (such as ntppool1.time.nl at the time of writing this issue), NTPsec won't use it and will log this:
2022-02-22T19:32:05 ntpd[4932]: NTSc: DNS lookup of ntppool1.time.nl took 0.016 sec
2022-02-22T19:32:05 ntpd[4932]: NTSc: connecting to ntppool1.time.nl:4460 => [2a00:d78:0:712:94:198:159:15]:4460
2022-02-22T19:32:05 ntpd[4932]: NTSc: set cert host: ntppool1.time.nl
2022-02-22T19:32:06 ntpd[4932]: NTSc: Using TLSv1.3, TLS_AES_256_GCM_SHA384 (256)
2022-02-22T19:32:06 ntpd[4932]: NTSc: certificate subject name: /C=NL/ST=Gelderland/O=Stichting Internet Domeinregistratie Nederland/CN=*.time.nl
2022-02-22T19:32:06 ntpd[4932]: NTSc: certificate issuer name: /C=NL/O=GEANT Vereniging/CN=GEANT OV RSA CA 4
2022-02-22T19:32:06 ntpd[4932]: NTSc: certificate invalid: 62=>Hostname mismatch
Tested on: ntpd ntpsec-1.2.1+61-gcfa361c4c
RFC 8915 doesn't seem to prohibit the use of wildcard certificates (which makes sense in my mind). Also, Chrony works well with wildcards. Hence, I suspect this may be a bug/shortcoming of NTPsec.
Edited by Marco Davids
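For reference, the matching rule a TLS client's hostname check is expected to apply to a wildcard name (RFC 6125 section 6.4.3), applied to the names from the log above. This is an added illustration, not NTPsec's or Chrony's code; the function names and the sample name lists are assumptions of the example.

```python
# Added example (not NTPsec code): how a certificate name with a wildcard
# is matched against the hostname the client dialed, per RFC 6125 6.4.3.

def hostname_matches(presented: str, reference: str) -> bool:
    """True if a name from the certificate matches the dialed hostname.

    `presented` is a dNSName from the SAN extension (or the CN as a
    legacy fallback); `reference` is the name the client connected to.
    """
    presented = presented.lower().rstrip(".")
    reference = reference.lower().rstrip(".")
    if "*" not in presented:
        return presented == reference          # plain comparison, no wildcard
    p_labels = presented.split(".")
    r_labels = reference.split(".")
    # The wildcard must be the entire left-most label ("*.time.nl").
    # Forms such as "ntp*.time.nl" or "ntp.*.nl" are rejected.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # Require at least two labels after the "*" so "*.nl" cannot match.
    if len(p_labels) < 3:
        return False
    # The wildcard stands in for exactly one label: label counts must be
    # equal and every remaining label identical, so "*.time.nl" matches
    # "ntppool1.time.nl" but neither "time.nl" nor "a.ntppool1.time.nl".
    if len(p_labels) != len(r_labels):
        return False
    return p_labels[1:] == r_labels[1:]


def cert_matches(reference: str, san_dns_names: list, cn: str) -> bool:
    """Check a certificate's names against the dialed hostname.

    If the certificate carries any dNSName SAN entries, only those are
    consulted; the CN is used solely when no dNSName SAN is present
    (the legacy behaviour from RFC 2818).
    """
    candidates = san_dns_names if san_dns_names else [cn]
    return any(hostname_matches(name, reference) for name in candidates)


if __name__ == "__main__":
    # Constructed sample: the names seen in the log above.
    print(hostname_matches("*.time.nl", "ntppool1.time.nl"))   # True
    print(hostname_matches("*.time.nl", "time.nl"))            # False
```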