LG-13524: Validate login_bundle.pem for inclusion in ficam_bundle.pem

[aduth]

🛠 Summary of changes

Updates certificate bundle validation task to check certificates for inclusion in the FICAM-distributed certificate bundle.

Related Slack discussion: https://gsa-tts.slack.com/archives/C05MGJ72GU9/p1717515786828179?thread_ts=1717433534.870859&cid=C05MGJ72GU9

📜 Testing Plan

Verify that the certificate bundle validation task (1) continues to validate existing checks for bundle regeneration and (2) checks for inclusion of certificates in the FICAM bundle:

1. Reset to the commit prior to removing invalid certificates: git checkout 0bd01ee~1
2. Run rake certs:check_certificate_bundle
3. See error "Unexpected certificates in config/cert_bundles/login_bundle.pem not present in config/cert_bundles/ficam_bundle.pem" listing two certificates
4. Remove the two listed certificates from config/certs
5. Run rake certs:check_certificate_bundle
6. See error "config/cert_bundles/login_bundle.pem does not match the certificates in config/certs" (existing check)
7. Run rake certs:generate_certificate_bundles
8. Run rake certs:check_certificate_bundle
9. See no errors

[zachmargolis]

I forget -- how close are we to having those cert_bundles generated as part of the deploy process?

[aduth]

I think we'll sooner move to using a different bundle (related Slack discussion), which will probably still require some maintaining that we could/should incorporate into the deployment process, but wouldn't want to plan too much around it since it might work a little differently.

I'll create a ticket for it so that we don't lose track. (Edit: LG-13554)