[CRT_SH] 🐛 don't treat invalid certificates from 3rd party as active

[zcrt]

Changes

• Fixes the todo in CRT_SH to only yield valid certificates

Issue ticket number and link

#86

Proof

Trivial

Checklist for author(s):

• All the commits in this PR are properly PGP-signed and verified;
• This PR comes from a feature or hotfix branch, in line with our git branching strategy;
• This PR is "bite-sized" and only focuses on a single issue, problem, or feature;
• I am not reinventing the wheel: there is no high-quality library that already has this feature;
• I have changed the example .env files if I added, removed, or changed any config options, and I have informed others that they need to modify their .env files if required;
• I have performed a self-review of my own code;
• I have commented my code, particularly in hard-to-understand areas;
• I have made corresponding changes to the documentation, if necessary;
• I have written unit, integration, and end-to-end tests for the change that I made;

If a non-trivial PR:

• This PR is part of a milestone and has appropriate labels;
• This PR is properly linked to the project board (either directly or via an issue);
• I have added screenshots or some other proof that my code does what it is supposed to do;

## Checklist for functional reviewer(s):
- [ ] If a non-trivial PR: This PR is properly linked to an issue on the project board;
- [ ] I have checked out this branch, and successfully ran `make kat`;
- [ ] I have ran `make test-rf` and all end-to-end Robot Framework tests pass;
- [ ] I confirmed that the PR's advertised `feature` or `hotfix` works as intended;
- [ ] I confirmed that there are no unintended functional regressions in this branch;

### What works:
* _bullet point + screenshot (if useful) per tested functionality_

### What doesn't work:
* _bullet point + screenshot (if useful) per tested functionality_

### Bug or feature?:
* _bullet point + screenshot (if useful) if it is unclear whether something is a bug or an intended feature._

## Checklist for code reviewer(s):
- [ ] The code passes the CI tests and linters;
- [ ] The code does not bypass authentication or security mechanisms;
- [ ] The code does not introduce any dependency on a library that has not been properly vetted;
- [ ] The code does not violate Model-View-Template and our other architectural principles;
- [ ] The code contains docstrings, comments, and documentation where needed;
- [ ] The code prioritizes readability over performance where appropriate;
- [ ] The code conforms to our agreed coding standards.

[zcrt]

Now that I think about it, maybe it is even better to not yield any certificates from external sources at all, but only from the certificate serving place itself. If the external source is not up-to-date and there are problems with the certificate, KAT may incorrectly deduce that the certificate for website x is fine. I am curious about your opinions on this

[noamblitz]

Im not sure if this is the responsibility of boefjes. I think it should be the responsibility of bits. If a boefje finds a cert it should be reflected in the graph

[dekkers]

Commits are not signed.