ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
If signature-based message protection is used it adds first the CMP signer cert
ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
-tries to build it using ctx->untrusted_certs and caches the result in ctx->chain.
+tries to build it using ctx->untrusted and caches the result in ctx->chain.
In any case all the certificates explicitly specified to be sent out (i.e.,
I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).