
[WIP] Allow to serialize X509 extension's value #5030

Closed

Conversation

felixfontein
Contributor

Another WIP for #5002, based on the discussion on IRC.

@reaperhulk
Member

Right now when we serialize extensions we pass a set of handlers around and that mechanism is what maps a given extension to its private serialization method in _encode_asn1. If we attach a serialization method to the extension then we can have it invoke that method and remove a large pile of this plumbing. So instead of generating extension DER through that class, we could just iterate the list and call serialize on each one.

One complication here is our desire to remove backend as an arg. We could get around this by lazy-importing the backend though. So then we'd have classes with implementations that look like this:

```python
class IssuingDistributionPoint(object):
    ...

    def _der_bytes(self):
        # Lazy imports keep the backend out of the public constructor signature
        from cryptography.hazmat.backends.openssl.backend import backend
        from cryptography.hazmat.backends.openssl.encode_asn1 import _encode_issuing_dist_point
        return _encode_issuing_dist_point(backend, self)
```

If we want to go this path I'd say we should have the methods be private at first and expose them publicly after we're happy with how it's working. You could still call the private methods and would be able to follow any changes we might make without any problems :)

@felixfontein
Contributor Author

From how I understood it, the _encode_* functions in encode_asn1.py do not return DER bytes, but (in general) structures which are encoded (indirectly) by OpenSSL's X509V3_EXT_i2d to DER. So this method _der_bytes would not return DER bytes, and would not really be usable except for passing the result to X509V3_EXT_i2d or similar functions.
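To make the distinction concrete, here is an added example (not code from this PR or from the cryptography project) of the "each extension class serializes itself" design sketched above, using a small hand-written DER encoder so that `_der_bytes()` really returns DER bytes instead of an OpenSSL structure. `BasicConstraints`, `encode_extension` and the `der_*` helpers are constructed for this illustration.

```python
# Constructed example: an extension class that emits its own DER value,
# plus the outer Extension SEQUENCE (RFC 5280) built from that value.
from dataclasses import dataclass
from typing import Optional

def _der_len(n: int) -> bytes:
    # Short form below 128, long form (0x80 | byte count) above.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body

def der_bool(value: bool) -> bytes:
    return der_tlv(0x01, b"\xff" if value else b"\x00")

def der_int(value: int) -> bytes:
    # Non-negative only; the extra byte keeps the sign bit clear when needed.
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on all but the last byte
        chunk, arc = [arc & 0x7F], arc >> 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))

@dataclass
class BasicConstraints:
    # RFC 5280: SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
    ca: bool
    path_length: Optional[int] = None
    oid = "2.5.29.19"

    def _der_bytes(self) -> bytes:
        body = der_bool(True) if self.ca else b""  # DER omits DEFAULT values
        if self.path_length is not None:
            body += der_int(self.path_length)
        return der_tlv(0x30, body)

def encode_extension(ext, critical: bool = False) -> bytes:
    # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    body = der_oid(ext.oid) + (der_bool(True) if critical else b"")
    return der_tlv(0x30, body + der_tlv(0x04, ext._der_bytes()))
```

With this shape, a builder can iterate its extension list and call `_der_bytes()` on each one without passing a handler map or a backend around, which is the simplification discussed above.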

Base automatically changed from master to main February 12, 2021 02:15
@felixfontein felixfontein deleted the asn1-serialize-for-extensions branch March 14, 2021 15:17