Need fallible function that merges signatures into certs
If you want to merge a revocation signature, you cannot know whether you are looking at a first-party or third-party revocation. So you look at the issuer, pull a cert from the store, and then you need to try to merge it. If it is a first-party revocation, this will succeed. If it is a third-party revocation, it will fail. Then, you need to iterate over all certs in your store that have the issuer as designated revoker, and try to merge it into those.
I imagine something like