optional: draft-ietf-tls-tls13-23: add support for signature_algorithms_cert extension
[[nmav: I'm not sure if it makes sense to implement that at all; it is a SHOULD requirement]]
TLS 1.3 provides two extensions for indicating which signature algorithms may be used in digital signatures. The "signature_algorithms_cert" extension applies to signatures in certificates and the "signature_algorithms" extension, which originally appeared in TLS 1.2, applies to signatures in CertificateVerify messages. The keys found in certificates MUST also be of appropriate type for the signature algorithms they are used with. This is a particular issue for RSA keys and PSS signatures, as described below. If no "signature_algorithms_cert" extension is present, then the "signature_algorithms" extension also applies to signatures appearing in certificates.
The "signature_algorithms_cert" extension was added to allow implementatations which supported different sets of algorithms for certificates and in TLS itself to clearly signal their capabilities. TLS 1.2 implementations SHOULD also process this extension.
Given the above, we most likely need to support that extension only as server and not as client, because all the algorithms we support for certificates match the set we support for TLS.