Allowing specifying signing algorithm for depot signer #221

Merged: 3 commits, Dec 1, 2023

@venkyg-sec venkyg-sec commented Sep 7, 2023

[x] Summary
While creating the x509 template for signing certificates, the depot signer specifies the signing algorithm as picked from the x509 CSR. This assumption is incorrect because the CA key type will not always match the requestor's key type. In addition, the signing algorithm in the CSR is generally for the verifier to know what algorithm is to be used to verify the CSR signature, while the algorithm to be used to sign the actual certificate is more of a CA/signer property.

This PR retains the existing behavior but allows overrides for consumers of the depot library.

[x] Test

```
[scep]$ make test
go test -cover ./...
?   	github.com/micromdm/scep/v2/challenge/bolt	[no test files]
?   	github.com/micromdm/scep/v2/client	[no test files]
ok  	github.com/micromdm/scep/v2/challenge	(cached)	coverage: 85.7% of statements
?   	github.com/micromdm/scep/v2/cmd/scepclient	[no test files]
?   	github.com/micromdm/scep/v2/cmd/scepserver	[no test files]
ok  	github.com/micromdm/scep/v2/cryptoutil	(cached)	coverage: 80.0% of statements
ok  	github.com/micromdm/scep/v2/cryptoutil/x509util	(cached)	coverage: 44.9% of statements
?   	github.com/micromdm/scep/v2/csrverifier	[no test files]
?   	github.com/micromdm/scep/v2/depot	[no test files]
?   	github.com/micromdm/scep/v2/csrverifier/executable	[no test files]
ok  	github.com/micromdm/scep/v2/depot/bolt	(cached)	coverage: 55.8% of statements
?   	github.com/micromdm/scep/v2/depot/file	[no test files]
ok  	github.com/micromdm/scep/v2/scep	(cached)	coverage: 60.2% of statements
ok  	github.com/micromdm/scep/v2/server	0.207s	coverage: 44.9% of statements
```

Co-authored-by: Jesse Peterson <jessepeterson@users.noreply.github.com>
@jessepeterson jessepeterson merged commit 1ff3fe2 into micromdm:main Dec 1, 2023
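
The key-type mismatch described in the summary can be reproduced with Go's `crypto/x509` alone. The following is an added example, not code from this PR or from micromdm/scep; the helper names `must`, `issue` and `demo` are hypothetical, and it assumes an RSA CA receiving a CSR signed with an ECDSA P-256 key.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue (hypothetical helper) signs csr's public key with the CA key; alg goes into the template as-is.
func issue(csr *x509.CertificateRequest, ca *x509.Certificate, key crypto.Signer, alg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), SignatureAlgorithm: alg}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// demo uses constructed keys: an RSA CA and a device CSR signed with ECDSA P-256.
func demo() (csrAlg x509.SignatureAlgorithm, copyErr error, issued x509.SignatureAlgorithm) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed RSA CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	devKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	csrReq := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "constructed device"}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, csrReq, devKey))))
	_, copyErr = issue(csr, ca, caKey, csr.SignatureAlgorithm) // algorithm copied from the CSR
	cert := must(issue(csr, ca, caKey, x509.SHA256WithRSA))   // algorithm chosen for the CA key
	return csr.SignatureAlgorithm, copyErr, cert.SignatureAlgorithm
}

func main() {
	fmt.Println(demo())
}
```

Passing `x509.UnknownSignatureAlgorithm` (the zero value) to `issue` also succeeds, because `crypto/x509` then selects a default that fits the signer's key type.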