[This CL is for reference only.]
Parse an application/x-x509-user-cert response with
net::X509Certificate::CreateCertificateListFromBytes(), which supports
three formats (in particular PKCS #7).
Save the response in a file named "keygen-response". Print messages
about the format and contents of the response.
Import the intermediate CA certificates in the response (only implemented
for NSS). NOTE: we must verify the CA certificates before importing them.
Sign PublicKeyAndChallenge with sha1WithRSAEncryption.