X509 sign missing validity and client-auth #142
Description
Hello
I noticed two issues in cmd/okms/x509/sign.go:
The NotAfter field is never set in the certificate template, so the --validity flag has no effect and the generated certificates end up with an invalid expiry date (Jan 1 00:00:00 1 GMT).
There's a typo in the flag declaration for --client-auth: it incorrectly assigns the value to usageServerAuth instead of usageClientAuth.
Proposed fix:
Add NotAfter: time.Now().Add(validity) to the certificate template.
Correct the flag definition to use &usageClientAuth for the --client-auth flag.