Accept a saved cert at any point in the chain, except for those
revoked or with invalid dates.

The INSECUREALG processing was a bit goofed up.  It was skipping the
prompt for every chain except the host, and was only displaying an
error for entry 1 (the host being 0, root being len-1).  Instead
prompt at any point, and display a warning as with the other errors.

Add a CERTERR_OTHER type to capture other bits.  Recently GnuTLS has
added additional certificate_status_t types.  We may want to improve
the prompts in the future for those, but for now at least make sure
it's recorded in certerr.