CL 71030 enforced EKU nesting at verification time, to go along with the
change in name constraints behaviour. From scanning the Certificate
Transparency logs, it's clear that some CAs are not getting EKU nesting
correct.

This change relaxes the EKU rules in a few ways:
  ∙ EKUs in roots are no longer checked.
  ∙ Any CA certificate may issue OCSP responder certificates.
  ∙ The ServerAuth and SGC EKUs are treated as a single EKU when
    checking nesting.
  ∙ ServerAuth in a CA can now authorise ClientAuth.
  ∙ The generic CodeSigning EKU can now authorise two, Microsoft-specific
    code-signing EKUs.

Change-Id: I7b7ac787709af0dcd177fe419ec2e485b8d85540
Reviewed-on: https://go-review.googlesource.com/77330Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>