Initial support for certificate policy checking and evaluation.

This is currently *very* experimental and needs to be more fully integrated
with the main verification code.