Code review comment for ~bryce/ubuntu/+source/ssl-cert:ssl-cert-sru-lp1853021-hirsute

Bryce Harrington (bryce) wrote :

@Paride given the new standard is 825 days, I also wondered if that might be a more sensible value to set as the default. One drawback is that doing so would certainly be a behavioral change, and may make the changes non-SRU-able. But going forward that might be a good change; another thing to discuss with Debian I suppose.

Regardless, I do think that adding --expiration-days is worthwhile. From the referenced links, I see there was a lot of debate, with some CAs preferring longer expiration times, and others shorter. So I think from the distro POV having this as a settable option gives our users flexibility that they need.

@Christian, one of the considerations I made with skipping getopts is that getopts only handles single-letter options, but this script's one parameter is a long option. The other usage mode of permitting "<template> <output>" arguments also needs a bit of special handling to use cleanly with getopts. It ends up being a number of lines for argument parsing to handle just a couple options.

I notice this is not marked Approved yet; do I interpret this correctly to mean you prefer this work be done only in Debian rather than Ubuntu, or are you OK with the branch as-is to land as a temporary delta for Ubuntu while we wait on Debian?
