Allow retrieving a trust anchor from extraCerts and using that
to validate the certificate chain of an IP message.
+=item B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS>
+
+ Do not cache certificates received in the extraCerts CMP message field.
+ Otherwise they are stored to potentially help validate further messages.
+
=back
OSSL_CMP_CTX_get_option() reads the current value of the given option
signer certificate, for the own TLS certificate (if any), when verifying peer
CMP protection certificates, and when verifying newly enrolled certificates.
The reference counts of those certificates handled successfully are increased.
+This list of untrusted certificates in I<ctx> will get augmented by extraCerts
+in received CMP messages unless B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> is set.
OSSL_CMP_CTX_get0_untrusted() returns a pointer to the
list of untrusted certs in I<ctx>, which may be empty if unset.