Update Gencert with TLS1.3 compatibility #169

Open
wants to merge 3 commits into
base: master

adamoutler
Contributor

This change is required to provide a Subject Alternate Name for the certificate rather than no SANs at all. The default "localhost" is retained. New certified IPs/hostnames include:

  • pikvm-${ProcessorSerialNumber}.local
  • Ethernet IPv4 Address
  • Ethernet IPv6 Address
  • WiFi IPv4 Address (if connected)
  • WiFi IPv6 Address (if connected)

This change allows a user to trust the PiKVM cert as a Root cert by default. After generating a cert with the scripts/kvmd-gencert, any acquired IPv4 and IPv6 addresses along with pikvm-${ProcessorSerialNumber} are registered as subject alternate names for the cert. This allows the certificate to be used as a Trusted Root Certificate.

In Windows/Chrome

  1. Show the certificate.
  2. Click Details, then Export, then save to your Desktop.
  3. On the desktop, double-click the file and then "Install Certificate...".
  4. Choose Current User, then Next.
  5. Choose "Place all certificates in the following store", then Browse...
  6. Press Trusted Root Certification Authorities, then OK, and then Next.
  7. Press Finish.
  8. Press Yes, then OK.
  9. Close your browser completely, then reopen to your PiKVM. The certificate is installed.

Possible Future improvements:

  • Make the IP or pikvm-${ProcessorSerialNumber} the official cert name instead of localhost. This will help to identify the certificates in the keystore.
  • Create a certificate regeneration extras which runs this cert-generator and restarts the webserver so that the user can recertify a dynamic IP address on-the-fly.
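
How a SAN list like the one described in this pull request can be assembled and handed to OpenSSL, as an added example that is not code from this pull request or from kvmd-gencert. The function names, the sample serial and addresses, the key type and the validity period are assumptions.

```shell
#!/bin/sh
# Added example, not PiKVM's kvmd-gencert. All names and values are illustrative.

# build_san [NAME_OR_ADDR...] prints a subjectAltName value that always
# starts with DNS:localhost. Empty arguments (e.g. WiFi not connected) are
# skipped, a /prefix length or IPv6 %zone suffix is stripped, and
# duplicates are dropped.
build_san() {
    san="DNS:localhost"
    for entry in "$@"; do
        entry=${entry%%/*}       # 192.168.1.10/24 -> 192.168.1.10
        entry=${entry%%\%*}      # fe80::1%eth0    -> fe80::1
        [ -n "$entry" ] || continue
        case $entry in
            *:*)       item="IP:$entry" ;;   # IPv6 literal
            *[!0-9.]*) item="DNS:$entry" ;;  # host name
            *)         item="IP:$entry" ;;   # IPv4 dotted quad
        esac
        case ",$san," in
            *",$item,"*) ;;                  # already listed
            *) san="$san,$item" ;;
        esac
    done
    printf '%s\n' "$san"
}

# make_cert SAN KEYFILE CERTFILE writes a self-signed certificate carrying
# the SAN list. Needs OpenSSL 1.1.1 or later for -addext; key type,
# lifetime and CN=localhost are assumptions of this example.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" -addext "subjectAltName=$1" \
        -keyout "$2" -out "$3"
}

# show_san CERTFILE prints the SAN extension so the result can be checked.
show_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

# Constructed sample input: a made-up serial, one wired address pair, and
# an empty string standing in for a disconnected WiFi interface.
build_san "pikvm-0000000012345678.local" "192.168.1.10/24" "fe80::1%eth0" ""
```

Addresses have to be listed as `IP:` entries, because a client connecting by address compares it against those and not against `DNS:` entries.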
