refactor(auth): use a single function for parsing extensions

Previously, extensions were parsed twice: once with error checking for
validation, and a second time without error checking to extract the
extension data.  This is error prone and caused TFV-10 (CVE-2022-47630).

A simpler approach is to have get_ext() be responsible for all extension
parsing, and to treat a NULL OID as an indicator that get_ext() is only
being called for validation.  cert_parse() checks that get_ext() returns
IMG_PARSER_OK and fails otherwise.

Change-Id: I65a2ff053a188351ba54799827a2b7bd833bb037
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>