Mark X509v3 Subject Alternative Name extension as critical #26064

Open
TomerHakim opened this issue Mar 20, 2024 · 0 comments
Is your feature request related to a problem? Please describe.
There is no way to mark the X509v3 Subject Alternative Name as critical in Vault (for certificates and intermediate CAs).

Describe the solution you'd like
Add an option to mark the X509v3 Subject Alternative Name as critical, also when using the curl API to generate the certificate/intermediate CA.

Describe alternatives you've considered
Didn't find any alternative using the Vault PKI engine.

Explain any additional use-cases
A very similar case is this: #9779
The above case is just another extension.

Additional context
I think it's worth having all extensions configurable as critical/non-critical (non-critical can be the default for backward compatibility). It can add much-needed flexibility when creating certificates, and it will be very convenient in scenarios where old certificates that were created by other tools are replaced with new certificates that must be created using Vault and must include specific extensions configured in a specific manner.

In my example, I need the Subject Alternative Name extension to change from this:

            X509v3 Subject Alternative Name:
                DNS:example.com

to this:

            X509v3 Subject Alternative Name: critical
                DNS:example.com
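
A check for the property requested above, as an added example that is not part of the original issue and is not Vault code: it uses Go's standard `crypto/x509` package to read the critical flag on the Subject Alternative Name extension (OID 2.5.29.17) of a DER-encoded certificate. The names `makeCert` and `sanCritical` and the self-signed test certificate are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidSAN = asn1.ObjectIdentifier{2, 5, 29, 17} // id-ce-subjectAltName (RFC 5280)

// makeCert returns a constructed self-signed test certificate (DER) whose SAN has the given critical flag.
func makeCert(critical bool) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	san := append([]byte{0x30, 13, 0x82, 11}, "example.com"...) // SEQUENCE { dNSName [2] "example.com" }
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "example.com"},
		NotBefore:       time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oidSAN, Critical: critical, Value: san}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

// sanCritical reports whether the certificate carries a SAN extension and whether it is marked critical.
func sanCritical(der []byte) (present, critical bool, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, false, err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidSAN) {
			return true, ext.Critical, nil
		}
	}
	return false, false, nil
}

func main() {
	der, _ := makeCert(true) // if generation fails, der is nil and the parse error is printed
	fmt.Println(sanCritical(der))
}
```

Run `sanCritical` against certificates issued by the old tool and by the replacement CA to confirm that the flag matches before rolling the new certificates out.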