An unfortunate combination of `--provisioner acme` and the `--acme`
flags on `step ca init` could lead to an invalidat CA configuration.
This commit prevent this case from happening. A similar error could
occur for the `sshpop` provisioner, so a fix was implemented for that
case too.

The fix doesn't catch all cases, e.g. it doesn't check for multiple
provisioners having the same `acme-` or `sshpop-` prefix. The code
that is called is intended to be only called from a `step ca init`
invocation, so should work for these cases, but might not if the
methods are invoked at other times.

…-name

So far the `GenerateConfig` method wasn't tested. This commit adds
a couple of basic tests for this method. It's not fully covered yet,
nor are all properties being checked, but it provides a starting
point for refactoring the CA (configuration) initialization process.

Apparently the macOS SCEP client sends a SCEP message in the query
that's not fully escaped. Only the base64 padding is escaped, the
'+' and '/' characters aren't.

This is a bit of a special case, because the macOS SCEP client
will default to using HTTP POST for the PKIOperation. But if the
CA is configured without the POSTPKIOperation capability, the
macOS SCEP client will use HTTP GET instead. This behavior might
be the same on iOS.

…andling

Improve SCEP request handling

…e-provisioner-name

Fix `step ca init` with duplicate provisioner name (`--provisioner acme --acme`)

…ators (#1572)

- skip urisValidator for identity certificate signing. Implemented
  by building the validator with the context in a hacky way.