Add support for signature_algorithms_cert extension
[[nmav: I'm not sure if it makes sense to implement that at all; it is a SHOULD requirement]]
TLS 1.3 provides two extensions for indicating which signature
algorithms may be used in digital signatures. The
"signature_algorithms_cert" extension applies to signatures in
certificates and the "signature_algorithms" extension, which
originally appeared in TLS 1.2, applies to signatures in
CertificateVerify messages. The keys found in certificates MUST also
be of appropriate type for the signature algorithms they are used
with. This is a particular issue for RSA keys and PSS signatures, as
described below. If no "signature_algorithms_cert" extension is
present, then the "signature_algorithms" extension also applies to
signatures appearing in certificates.
The "signature_algorithms_cert" extension was added to allow
implementations which supported different sets of algorithms for
certificates and in TLS itself to clearly signal their capabilities.
TLS 1.2 implementations SHOULD also process this extension.
Given the above, we most likely need to support that extension only as server and not as client, because all the algorithms we support for certificates match the set we support for TLS.
Edited by Daiki Ueno
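
The server-side fallback rule quoted above, as an added example (not GnuTLS code and not part of the original issue): it decides whether a signature scheme may appear on a certificate, given a ClientHello extensions block with its 2-byte total length already stripped. The function names and sample byte arrays are constructed for illustration; 13 and 50 are the registered extension numbers for signature_algorithms and signature_algorithms_cert.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed extension blocks (type, length, SignatureSchemeList). */
static const uint8_t ONLY_SIG_ALGS[] = {0,13,0,6, 0,4, 0x08,0x04, 0x04,0x03};
static const uint8_t BOTH_EXTS[] = {0,13,0,6, 0,4, 0x08,0x04, 0x04,0x03,
                                    0,50,0,6, 0,4, 0x04,0x01, 0x04,0x03};

/* Find extension `type`; 1 = found, 0 = absent, -1 = malformed block. */
static int find_ext(const uint8_t *p, size_t len, uint16_t type,
                    const uint8_t **body, size_t *blen)
{
    int found = 0;
    while (len > 0) {
        if (len < 4) return -1;
        uint16_t t = (uint16_t)(p[0] << 8 | p[1]);
        size_t l = (size_t)(p[2] << 8 | p[3]);
        if (l > len - 4) return -1;          /* body runs past the block */
        if (t == type) {
            if (found) return -1;            /* duplicate extension */
            *body = p + 4; *blen = l; found = 1;
        }
        p += 4 + l; len -= 4 + l;
    }
    return found;
}

/* 1 if `scheme` may sign a certificate, 0 if not offered, -1 if malformed. */
int cert_sig_allowed(const uint8_t *exts, size_t len, uint16_t scheme)
{
    const uint8_t *b = NULL; size_t bl = 0;
    int r = find_ext(exts, len, 50, &b, &bl);  /* signature_algorithms_cert */
    if (r == 0)  /* absent: signature_algorithms (13) covers certificates too */
        r = find_ext(exts, len, 13, &b, &bl);
    if (r <= 0) return r;
    if (bl < 4 || (bl & 1) || (size_t)(b[0] << 8 | b[1]) != bl - 2) return -1;
    for (size_t i = 2; i < bl; i += 2)
        if ((uint16_t)(b[i] << 8 | b[i + 1]) == scheme) return 1;
    return 0;
}

int main(void)
{
    /* rsa_pss_rsae_sha256 (0x0804): allowed by fallback, then not offered */
    printf("%d %d\n", cert_sig_allowed(ONLY_SIG_ALGS, sizeof ONLY_SIG_ALGS, 0x0804),
           cert_sig_allowed(BOTH_EXTS, sizeof BOTH_EXTS, 0x0804));
    return 0;
}
```

When both extensions are present, only the signature_algorithms_cert list is consulted for certificate signatures, so a scheme offered solely in signature_algorithms is rejected for the chain.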