Add check to confirm OpenId has Read access to signing certificate

[anoordende]

Follow-up from #827

It seems worth adding a check in the OpenId module that the process can access the cert when updating the settings through the UI. And/or improve the log output.

[Jetski5822]

@PinpointTownes Got time to take a look? (See you doing commits ;))

[Piedone]

@kevinchalet could you please comment on whether this is still applicable?

[kevinchalet]

@Piedone you can't know for sure whether a certificate will "work" until you really do the crypto operation you need (e.g signing a token, which requires the private key) and AFAIK, we haven't implemented any "test routine" that would perform a test crypto operation to eagerly detect invalid certificates (or inaccessible private keys), so technically, it's "still applicable".

That said, I don't think we should spend time on that since we're planning on removing this feature once the secrets module lands 😃

[Piedone]

Good point, and thank you. Closing it, then, in favor of #7891.