Settle on naming for `tls::certificate_{sign,verify}`

[t184256]

As mentioned in this discussion, tls::certificate_{sign,verify} is going to become tls::{sign,verify}, but the spec is not consistently updated to reflect that.

I also wonder how are contexts supposed to be structured for the verifications of the certificate chains to be able to tell apart the sigalgs in use with TLS directly from the server cert chain PKI validations from the client cert chain PKI validations, and whether it makes sense to offer such distinctions.