Add required TLS (de)serialization
RFC 6962 uses the TLS wire-format in §3. So, we need to be able to (de)serialize these structures.
One option is to implement the minimum (de)serialization requirements using the reflect package. This comes with the benefit that we can define Go structs with tags so that (de)serialization "just works" if the TLS package is correct. For example:
```go
// opaque ASN.1Cert<1..2^24-1>;
type ASN1Cert struct {
	Bytes []byte `tls:"min:1,max:2^24-1"`
}
```
The downside is that testing and review of reflect code is not entirely trivial; see an existing implementation that supports the entire wire-format.
An alternative would be to realize that there's not a whole lot of (de)serialization that needs to be done. We could consider doing this "by-hand", one structure at a time with a few simple helpers that (un)pack primitive types like uint64, array, etc. This has the benefit of resulting in relatively stupid code that will likely be easy to test and review.
TODO:
- List data structures that need to be (de)serialized
- List primitive types used by these data structures
- Make a judgement call if it is simpler to go forward with reflect or non-reflect code (priority: easy to test and review)
- Implement the necessary TLS (de)serialization helpers
In addition to the above, RFC 6962 also uses the TLS Digitally-Signed struct. So, we will need to implement that as well for the required hash algorithms (SHA256) and signature algorithms (RSA, ECDSA).
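To make the "by-hand" option concrete, here is an added sketch (not code from this project) of helpers for a TLS uint64 and for `opaque ASN.1Cert<1..2^24-1>`, including the bounds checks a decoder needs on untrusted input. All function and error names are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrShort = errors.New("tls: buffer too short")
	ErrSize  = errors.New("tls: length outside <1..2^24-1>")
)

// PutUint64 appends v as a TLS uint64: 8 bytes, big-endian.
func PutUint64(b []byte, v uint64) []byte {
	var tmp [8]byte
	binary.BigEndian.PutUint64(tmp[:], v)
	return append(b, tmp[:]...)
}

// ReadUint64 decodes a TLS uint64 and returns the unread remainder.
func ReadUint64(b []byte) (uint64, []byte, error) {
	if len(b) < 8 {
		return 0, nil, ErrShort
	}
	return binary.BigEndian.Uint64(b), b[8:], nil
}

// PutASN1Cert appends cert with the 3-byte length prefix that a
// maximum of 2^24-1 implies, enforcing the declared bounds.
func PutASN1Cert(b, cert []byte) ([]byte, error) {
	n := len(cert)
	if n < 1 || n > 1<<24-1 {
		return nil, ErrSize
	}
	return append(append(b, byte(n>>16), byte(n>>8), byte(n)), cert...), nil
}

// ReadASN1Cert decodes one ASN.1Cert; it rejects a zero length and a
// length prefix that claims more bytes than the buffer holds.
func ReadASN1Cert(b []byte) (cert, rest []byte, err error) {
	if len(b) < 3 {
		return nil, nil, ErrShort
	}
	n := int(b[0])<<16 | int(b[1])<<8 | int(b[2])
	if n < 1 {
		return nil, nil, ErrSize
	}
	if n > len(b)-3 {
		return nil, nil, ErrShort
	}
	return b[3 : 3+n], b[3+n:], nil
}

func main() {
	buf, _ := PutASN1Cert(PutUint64(nil, 1), []byte{0x30, 0x03, 0x02, 0x01, 0x01}) // constructed bytes
	fmt.Printf("%x\n", buf)
}
```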