Follow up on Azure certs #1198

@code-asher

We should test with some real Azure instances after January 6th to make sure we have bundled the right certs, possibly update the unit tests, and perhaps remove the expired certs.

We added the ECC variant of the xsign certs in coder/coder#21265 in response to a notice from Microsoft (#1147) but it was not clear whether the ECC ones are replacing some of the others we had, or if for some reason we only need the RSA ones (ECC variants did exist back when the RSA ones were added so unsure if there was a reason they were omitted), or if the notice even affects signature verification at all.

From the linked forum post, it seems like this is in relation to phasing out the Baltimore CyberTrust Root CA and that we should add the Microsoft Azure TLS Issuing CAs, but we already had those bundled. To add to the confusion, those expired in June of last year, so the post seems out of date. But again, possible that the ECC ones are the replacement for them.

Anyway, we still have those expired certs bundled just in case, and also all the RSA and ECC xsign issuing certs. These xsign certs do expire next August though, so likely they will have to be replaced soon even if they are the correct certificates currently.
