fix: preferred chain support.

[ldez]

Fixes #1294

By following the RFC:

The server MAY provide one or more link relation header fields
[RFC8288] with relation "alternate". Each such field SHOULD express
an alternative certificate chain starting with the same end-entity
certificate.

https://tools.ietf.org/html/rfc8555#section-7.4.2

The "alternate" links are NOT provided by the order call but by the certificate call.

I don't understand why I didn't see the problem during the PR review introducing this.
I made a mistake and I want to apologize for it.

go run ./cmd/lego/ -m xxx@example.com -d example.com --dns xxx -s https://acme-staging-v02.api.letsencrypt.org/directory run --preferred-chain="Fake LE Root X2"
2020/11/21 01:22:01 [INFO] [example.com] acme: Obtaining bundled SAN certificate
2020/11/21 01:22:01 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/666666666
2020/11/21 01:22:01 [INFO] [example.com] acme: authorization already valid; skipping challenge
2020/11/21 01:22:01 [INFO] [example.com] acme: Validations succeeded; requesting certificates
2020/11/21 01:22:03 [INFO] [example.com] Server responded with a certificate for the preferred certificate chains "Fake LE Root X2".

Related to #1227

[dmke]

LGTM.

I made a mistake and I want to apologize for it.

Don't worry too much. We're all just humans.