Vendor Mozilla PKCS7 library

Stan Hu requested to merge sh-vendor-mozilla-pkcs7 into main

Previously we used https://github.com/fullsailor/pkcs7 to parse PKCS7 certificates when resolving a TLS chain.

This library appears to be unmaintained; there have been no commits since 2019. Mozilla has a fork of this library: https://go.mozilla.org/pkcs7/, though the last commit was in 2021. However, the smallstep CLI (https://smallstep.com/cli/) uses this fork. This fork fixes a number of issues, including tests, but this fork also appears unmaintained.

Let's vendor it internally so that we can make fixes.

Relates to https://gitlab.com/gitlab-org/gitlab-runner/-/issues/36318

Edited by Stan Hu
