UI for "link/vouch add/authorize" is complicated; could be one command
Currently there are four commands for making a certification:
sq pki link add
sq pki link authorize
sq pki vouch add
sq pki vouch authorize
I think that is too many commands for the same thing. The differences could be handled with options. One command:
sq pki certification add
- By default all would create a non-exportable certification.
- To choose between local trust root or other certifier:
  --certifier-root (use local trust root)
  --certifier, --certifier-self, --certifier-userid, ... (select own key)
  At least one of the above options must be given.
- To choose trust depth:
  --depth 0 (default, validate the binding, same as "add" currently)
  --depth n (n>0, validate and trusted introducer, same as "authorize" currently)
- To make it exportable:
  --exportable
  The above option refuses to make --certifier-root certifications exportable. A warning is given to the user.
Typical commands would look like:
sq pki certification add --certifier-root --cert ... --userid ...
sq pki certification add --certifier-root --cert ... --userid ... --depth 3
sq pki certification add --certifier ... --cert ... --userid ...
sq pki certification add --certifier ... --cert ... --userid ... --exportable
sq pki certification add --certifier ... --cert ... --userid ... --depth 1 --exportable
Other possible subcommands for sq pki certification: list, retract, replay, ...
Edited by Teemu Likonen
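
The option rules proposed above, modelled as an added example that is not part of the original issue and is not sq's code. It assumes that the two certifier kinds are mutually exclusive, that a refused `--exportable` is reported as an error, and that `link` corresponds to the trust root and `vouch` to the user's own key; `plan` and `build_parser` are hypothetical names.

```python
import argparse

def build_parser():
    # Flag names are taken from the proposal; only --certifier stands in for
    # the whole "--certifier, --certifier-self, --certifier-userid, ..." group.
    p = argparse.ArgumentParser(prog="sq pki certification add", allow_abbrev=False)
    p.add_argument("--certifier-root", action="store_true")
    p.add_argument("--certifier", metavar="KEY")
    p.add_argument("--cert", required=True)
    p.add_argument("--userid", required=True)
    p.add_argument("--depth", type=int, default=0)
    p.add_argument("--exportable", action="store_true")
    return p

def plan(argv):
    """Validate one proposed invocation and name the current command it replaces."""
    a = build_parser().parse_args(argv)
    if not a.certifier_root and a.certifier is None:
        raise ValueError("one of --certifier-root / --certifier is required")
    if a.certifier_root and a.certifier is not None:
        # Assumption of this sketch: the two certifier kinds are exclusive.
        raise ValueError("--certifier-root and --certifier cannot be combined")
    if not 0 <= a.depth <= 255:
        # OpenPGP stores the trust depth in a single octet.
        raise ValueError("--depth must be between 0 and 255")
    if a.exportable and a.certifier_root:
        # The proposal refuses to export trust-root certifications.
        raise ValueError("--exportable is refused with --certifier-root")
    family = "link" if a.certifier_root else "vouch"
    action = "add" if a.depth == 0 else "authorize"
    return {
        "certifier": "trust-root" if a.certifier_root else a.certifier,
        "depth": a.depth,
        "exportable": a.exportable,
        "current_equivalent": f"sq pki {family} {action}",
    }

if __name__ == "__main__":
    # Constructed sample values, not real fingerprints or user IDs.
    base = ["--cert", "CERT_FPR", "--userid", "Alice <alice@example.org>"]
    for extra in (["--certifier-root"], ["--certifier-root", "--depth", "3"],
                  ["--certifier", "MY_KEY"],
                  ["--certifier", "MY_KEY", "--depth", "1", "--exportable"]):
        print(extra, "->", plan(extra + base))
```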