Improve name constraints testing and fix bugs found

[ctz]

This incorporates:

• Add tests for {dns_name, ip_address}::presented_id_matches_constraint() briansmith/webpki#239
• Fix name constraints check #7
• Only allow contiguous netmasks briansmith/webpki#131 (reimplemented, see note below)

[codecov-commenter]

Codecov Report

Merging #18 (8e9de6e) into main (0e93500) will increase coverage by 7.93%.
The diff coverage is 97.33%.

@@            Coverage Diff             @@
##             main      #18      +/-   ##
==========================================
+ Coverage   86.00%   93.94%   +7.93%     
==========================================
  Files          15       15              
  Lines        2351     2542     +191     
==========================================
+ Hits         2022     2388     +366     
+ Misses        329      154     -175     

Impacted Files	Coverage Δ
src/error.rs	25.00% <ø> (ø)
src/subject_name/dns_name.rs	90.42% <81.81%> (+19.83%)	⬆️
src/der.rs	94.28% <95.83%> (+0.26%)	⬆️
src/subject_name/verify.rs	95.31% <95.83%> (+61.31%)	⬆️
src/subject_name/ip_address.rs	98.41% <99.25%> (+0.11%)	⬆️
src/verify_cert.rs	89.84% <100.00%> (+1.24%)	⬆️
src/cert.rs	96.96% <0.00%> (+0.75%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[ctz]

I also plan to shortly pull in briansmith#131 and provide test cases for it.

On this one I have reimplemented the change, as the original one had a reachable panic in ipv6 addresses and fixing it wasn't easy without 128-bit integer support. However there is a test that acts as a regression case for it.

[djc]

I feel very out of my depth here so I'm hoping this review is somewhat useful.

[djc]

(Note, there's a conflict to fix up.)

[ctz]

I think this is ready to go now.