handle OID 220.127.116.11.4.1.1118.104.22.168 (x.509 extension for certificate transparency SCTs)
RFC 6962 §3.3 points out that this is where the list of Certificate Transparency SCTs are stored in the cert.
You can see this in some CA certification practice statements, documented as "One or more RFC 6962 Signed Certificate Timestamps".
It would be great if
certtool would read and identify the OID by name, list details from SCTs, and write this extension.
Note: one online reference claims that it's about "Extended validation certificates", but i think that reference is simply wrong.