Support revocation checking for entire certificate chain

## Description

Currently, `tpm-trust` only checks for revocation of the leaf certificate (EK certificate) but does not verify revocation status for intermediate certificates in the chain. This creates a potential security gap where a compromised or revoked intermediate CA certificate could still be trusted.

## Current Behavior

In [`internal/validate/certificate.go`](https://github.com/loicsikidi/tpm-trust/blob/main/internal/validate/certificate.go), the revocation check is performed as follows:

```go
if !cfg.SkipRevocationCheck {
    crlUrls, err := c.prepareUrls(cfg.EK.Certificate.CRLDistributionPoints)
    // ... downloads and verifies CRL only for cfg.EK.Certificate
    if crl.IsRevoked(cfg.EK.Certificate) {
        return ErrCertificateRevoked
    }
}
```

This only checks the leaf certificate's revocation status.

## Expected Behavior

The revocation check should be performed for:
1. ✅ The leaf certificate (EK) - **already implemented**
2. ❌ All intermediate CA certificates in the chain - **missing**


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support revocation checking for entire certificate chain #13

Description

Current Behavior

Expected Behavior

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Support revocation checking for entire certificate chain #13

Description

Description

Current Behavior

Expected Behavior

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions