[PATCH 7/9] cert: Optionally return error string from l_certchain_verify