[#4045 Backport] During X.509 verification, first check the signatures

[randombit]

The remainder of path validation logic is still subject to attacker controlled inputs, but the range of inputs is reduced to that which a legitimate certificate authority was willing to sign.

Backport of #4045

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 95.45455% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 91.98%. Comparing base (fb0a41b) to head (cbbcc93).
Report is 4 commits behind head on release-2.

Files	Patch %	Lines
src/lib/x509/x509path.cpp	95.45%	1 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           release-2    #4052   +/-   ##
==========================================
  Coverage      91.98%   91.98%           
==========================================
  Files            583      583           
  Lines          64254    64239   -15     
  Branches        6266     6272    +6     
==========================================
- Hits           59103    59091   -12     
+ Misses          5120     5117    -3     
  Partials          31       31           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.