Fix manually specified Certificate and CertificateRequest versions
Basically all modern X.509 certs are version 3, but confusingly to
specify "version 3" in an encoded cert, the version number is actually
2.
For PKCS#10 CSRs, the only valid version is 1, which again
confusingly has the value "0" when encoded.
This was incorrect in many places, including one place in which the
version number on a CSR was used as a certificate's version number,
when the two are entirely unrelated.
Go ignores these values, so there's no functional changes here; still,
it's better to be accurate.
Go ignoring CSR version and specifying 0:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1958
Go ignoring Certificate version and specifying 2:
https://cs.opensource.google/go/go/+/refs/tags/go1.17:src/crypto/x509/x509.go;l=1534
PKCS#10 CSR specification in RFC 2986 section 4.1:
https://datatracker.ietf.org/doc/html/rfc2986#section-4
X.509 Cert specification in RFC 5280 section 4.1.2.1:
https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.1
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
68f5ceb3b4