Setting certificate properties on import requires an issuer #16217
Description
In track 2 setting certificate properties via CertificatePolicy requires passing an issuer, when in track 1 that was not required.
To support import, define a default constructor but leave Issuer, Subject, and SubjectAlternativeNames read-only properties. The parameters in existing constructors should also continue to be asserted. issuer is optional during import, and subject is ignored - obtained from the X509 certificate anyway. We could also loosen restrictions in the future if needs be.
To note: if we did loosen restrictions later and allowed subject or SAN to be null, the service does return a pretty descriptive error that would help customers diagnose the issue:
{
"error": {
"code": "BadParameter",
"message": "Either subjectName or san must be present"
}
}