feat: Clarifies CRL format

[NeedleInAJayStack]

Proposed changes

closes #187

The ssl_crl documentation does not mention that a revocation list is required for every certificate in the certificate chain, which can cause confusion when using intermediate CAs. This forum post, this ticket and this stackoverflow that specify this requirement, but it seems like it would convenient to have it more visible in the official documentation.

Checklist

Before creating a PR, run through this checklist and mark each as complete:

• I have read the contributing guidelines.
• I have signed the F5 Contributor License Agreement (CLA).
• If applicable, I have added tests that prove my fix is effective or that my feature works.
• If applicable, I have checked that any relevant tests pass after adding my changes.
• I have updated any relevant documentation (README.md and/or CHANGELOG.md).

[NeedleInAJayStack]

Similar documentation exists in:

• ngx_mgmt_module
• ngx_http_grpc_module
• ngx_http_oidc_module
• ngx_http_proxy_module
• ngx_http_uwsgi_module
• ngx_mail_ssl_module
• ngx_stream_proxy_module
• ngx_stream_ssl_module
• ngx_stream_zone_sync_module

Would it be good to make this change in those places as well?

[pluknet]

IMHO, it looks somewhat ambiguous wrt "each certificate", what about:

When using intermediate certificates, their CRLs should be specified in the same file.

(akin to the wording in ssl_certificate)

[NeedleInAJayStack]

Oh nice. Yeah, I like that wording more. Updated.