git.ipfire.org Git - thirdparty/ipxe.git/commit
[crypto] Report meaningful error when certificate chain validation fails
author Michael Brown <mcb30@ipxe.org>
Fri, 10 May 2013 09:03:56 +0000 (10:03 +0100)
committer Michael Brown <mcb30@ipxe.org>
Fri, 10 May 2013 09:03:56 +0000 (10:03 +0100)
commit cb29cd4298f07c35ac2099f56bd9895a9160e3a2
tree 58fe2b159ad70ccff4fc5d79402fe2f06f5e3857
parent 8bc20c1aa09ec521476f4b35b0a09c21e2e1e5f3

If a certificate chain contains no certificate which can be validated
as a standalone certificate (i.e. contains no trusted root
certificates or previously-validated certificates) then iPXE will
currently return a fixed error EACCES_UNTRUSTED.  This masks the
actual errors obtained when attempting to validate each certificate as
a standalone certificate, and so makes troubleshooting difficult for
the end user.

Fix by instead returning the error obtained when attempting to
validate the final certificate in the chain as a standalone
certificate.  This error is most likely (though not guaranteed) to
represent the "real" problem.

Reported-by: Sven Dreyer <sven@dreyer-net.de>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/x509.c
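
An added illustration of the behaviour change described in the commit message, not code from iPXE's x509.c: a constructed three-certificate chain is searched for a certificate that validates standalone, once collapsing failure to a fixed error and once returning the final certificate's own error. The struct, error codes, function names and the time-before-trust check order are assumptions of this model.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical error codes for this model (not iPXE's own values) */
enum { CERT_OK = 0, CERT_ERR_UNTRUSTED = -1, CERT_ERR_EXPIRED = -2,
       CERT_ERR_NOT_YET_VALID = -3 };

/* Constructed certificate model: validity window plus a trust flag */
struct model_cert {
	long not_before, not_after; /* validity window, in seconds */
	int trusted;                /* trusted root or previously validated */
};

/* Standalone validation in this model: time window first, then trust */
static int validate_standalone(const struct model_cert *c, long now) {
	if (now < c->not_before) return CERT_ERR_NOT_YET_VALID;
	if (now > c->not_after) return CERT_ERR_EXPIRED;
	return c->trusted ? CERT_OK : CERT_ERR_UNTRUSTED;
}

/* Before: a failed search always reports the same fixed error */
int chain_start_fixed(const struct model_cert *chain, size_t n, long now) {
	for (size_t i = 0; i < n; i++)
		if (validate_standalone(&chain[i], now) == CERT_OK) return CERT_OK;
	return CERT_ERR_UNTRUSTED;
}

/* After: keep the error from the most recent attempt, so a failed search
 * reports the final certificate's standalone validation error */
int chain_start_reported(const struct model_cert *chain, size_t n, long now) {
	int rc = CERT_ERR_UNTRUSTED; /* empty chain: nothing more specific */
	for (size_t i = 0; i < n; i++)
		if ((rc = validate_standalone(&chain[i], now)) == CERT_OK) return CERT_OK;
	return rc;
}

/* Constructed chain, leaf first; the final entry is a trusted root */
const struct model_cert sample_chain[] = {
	{ 1000, 5000, 0 }, /* leaf */
	{ 1000, 9000, 0 }, /* intermediate */
	{ 1000, 9000, 1 }, /* trusted root */
};
#define SAMPLE_LEN (sizeof(sample_chain) / sizeof(sample_chain[0]))

int main(void) {
	/* Clock at 0 (before every validity window): same chain, two reports */
	printf("fixed=%d reported=%d\n",
	       chain_start_fixed(sample_chain, SAMPLE_LEN, 0),
	       chain_start_reported(sample_chain, SAMPLE_LEN, 0));
	return 0;
}
```

With the clock set before or after the root's validity window, the fixed variant reports "untrusted" while the other variant reports the time-related failure that points at the actual cause.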