enable SMIMECapabilities when generating certificates
Description of the feature:
RFC 4262 defines an X.509v3 extension for carrying S/MIME capabilities in an X.509 certificate.
RFC 8551 defines the SMIMECapabilities attribute whose values go in that extension (listed in the certificate holder's order of preference).
The extension OID is:
smimeCapabilities OBJECT IDENTIFIER ::=
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) 15}
For example, a capability we might want could be represented in the certtool template by a flag that is only acted on if email_protection_key is set:
smime_compress_zlib
-- if it is set in the template, and email_protection_key is set, then it would add an S/MIME Capabilities X.509v3 extension (or append to any existing one) containing the id-alg-zlibCompress OID from RFC 3274:
id-alg-zlibCompress OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 8 }
and if smime_authenc_aesgcm256 is set in the template, and email_protection_key is set, then it would add an S/MIME Capabilities X.509v3 extension (or append to any existing one) containing the appropriate identifier from RFC 5084, i.e. id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 } under the NIST aes arc 2.16.840.1.101.3.4.1.
(Alternatively, if you think the user should be able to set the ordering, we could define a fancier configuration syntax that knows a set of S/MIME capabilities and allows the user to identify them in a list in the template, like so:
smime_capabilities = aesgcm256,zlib
But I think the single flag, with sensible ordering choices made by certtool, fits more closely with the current certtool template interface.)
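To make the proposed behaviour concrete, here is an added worked example (not certtool code, and not part of the original request) that builds the SMIMECapabilities extension value exactly as RFC 4262 lays it out: a SEQUENCE OF SMIMECapability, each a SEQUENCE holding the capabilityID OID and optional parameters. It hand-rolls the small subset of DER needed so it runs with no dependencies, encodes the two OIDs named on this page, parses the value back, and implements the "append to any existing extension, only when email_protection_key is set" rule with the template flag names proposed above. The flag-to-OID table, the chosen preference order (AES-GCM before zlib) and the function names are assumptions of this example.

```python
"""Build and parse the S/MIME Capabilities extension value (RFC 4262).

SMIMECapabilities ::= SEQUENCE OF SMIMECapability
SMIMECapability   ::= SEQUENCE {
    capabilityID OBJECT IDENTIFIER,
    parameters   ANY DEFINED BY capabilityID OPTIONAL }

Added example, not certtool/GnuTLS code. Only the DER subset needed here is implemented.
"""
from typing import List, Optional, Tuple, Union

# Identifiers from the RFCs cited on the page.
OID_SMIME_CAPABILITIES = "1.2.840.113549.1.9.15"      # RFC 4262 extension OID
OID_ZLIB_COMPRESS = "1.2.840.113549.1.9.16.3.8"       # RFC 3274 id-alg-zlibCompress
OID_AES256_GCM = "2.16.840.1.101.3.4.1.46"            # RFC 5084 id-aes256-GCM

# Assumed mapping of the proposed template flags to capability OIDs; dict order is the
# preference order this example chooses when more than one flag is set (AES-GCM first).
TEMPLATE_FLAGS = {
    "smime_authenc_aesgcm256": OID_AES256_GCM,
    "smime_compress_zlib": OID_ZLIB_COMPRESS,
}

Capability = Tuple[str, Optional[bytes]]  # (dotted OID, raw DER parameters or None)


def _der_len(n: int) -> bytes:
    """DER length octets: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted}")
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        groups = [value & 0x7F]          # base-128 groups, continuation bit on all but last
        value >>= 7
        while value:
            groups.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(groups))
    return der_tlv(0x06, bytes(body))


def decode_oid(body: bytes) -> str:
    """Decode the body of a DER OBJECT IDENTIFIER back to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID body")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in head + arcs[1:])


def _read_tlv(buf: bytes, pos: int):
    """Read one TLV at pos; return (tag, body, next position). Rejects non-minimal lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length octets")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or (n > 1 and buf[pos] == 0):
            raise ValueError("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated body")
    return tag, buf[pos:pos + length], pos + length


def build_smime_capabilities(caps: List[Union[str, Capability]]) -> bytes:
    """DER SMIMECapabilities value; items are OIDs or (oid, raw parameters) pairs."""
    items = []
    for cap in caps:
        oid, params = (cap, None) if isinstance(cap, str) else cap
        items.append(der_tlv(0x30, der_oid(oid) + (params or b"")))
    return der_tlv(0x30, b"".join(items))


def parse_smime_capabilities(der: bytes) -> List[Capability]:
    """Parse an SMIMECapabilities value into [(oid, raw_parameters_or_None), ...]."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    caps, pos = [], 0
    while pos < len(seq):
        tag, cap, pos = _read_tlv(seq, pos)
        if tag != 0x30:
            raise ValueError("SMIMECapability must be a SEQUENCE")
        tag, oid_body, inner = _read_tlv(cap, 0)
        if tag != 0x06:
            raise ValueError("capabilityID must be an OBJECT IDENTIFIER")
        caps.append((decode_oid(oid_body), cap[inner:] or None))  # parameters kept raw
    return caps


def extension_value_from_template(template: dict, existing: Optional[bytes] = None) -> Optional[bytes]:
    """Proposed certtool rule: act only if email_protection_key is set; append the requested
    capabilities to an existing extension value (keeping its order and parameters) without
    duplicating any; return None when nothing should be added."""
    if not template.get("email_protection_key"):
        return None
    wanted = [oid for flag, oid in TEMPLATE_FLAGS.items() if template.get(flag)]
    if not wanted:
        return None
    merged = parse_smime_capabilities(existing) if existing else []
    present = {oid for oid, _ in merged}
    for oid in wanted:
        if oid not in present:
            merged.append((oid, None))
            present.add(oid)
    return build_smime_capabilities(merged)


if __name__ == "__main__":
    # Constructed template values for demonstration.
    value = extension_value_from_template({"email_protection_key": True, "smime_compress_zlib": True})
    print(OID_SMIME_CAPABILITIES, "=", value.hex())
    print(parse_smime_capabilities(value))
```

The parser deliberately rejects non-minimal length encodings and trailing bytes, which is the check a certificate consumer should apply before trusting an extension value it later feeds into algorithm negotiation; keeping the raw parameters of existing capabilities (rather than re-encoding them) avoids silently changing what another tool put in the certificate.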
Applications that this feature may be relevant to:
Using certtool-generated X.509 certificate for e-mail purposes with S/MIME.
Is this feature implemented in other libraries (and which)?
I believe this can be achieved by some complicated gymnastics in OpenSSL's configuration syntax, but