Ed25519 certificate parsing does badly with expirations after 2038
We deliberately chose an hour-based expiration counter for ed certs, because of 32-bit issues. But when we parse them, we just multiply the 32-bit field by 3600. That results in an overflow if the time is greater than UINT32_MAX.
The impact here isn't too bad. First, it only affects certs that expire after 32-bit signed time overflows in Y2038. Second, it can only make it seem that a non-expired cert is expired: it can never make it seem that an expired cert is still live.