Flatten the generated zip archives and include individual certs#116

Open
zacikpa wants to merge 1 commit into master from archive-improvements

Contributor

@zacikpa zacikpa commented Oct 3, 2021

Currently, we export each chain as a single file chain.pem together with the root cert root.pem. This makes it hard to validate manually using command-line OpenSSL, since it only accepts a single cert per file.

This PR flattens the archive structure (no subdirectories as is the case now) and also exports each certificate separately.

An example archive may look like this:

  • EXPIRED
    - chain.pem (contains endpoint and two intermediate CA certs)
    - root.pem
    - endpoint.pem
    - intermediate1.pem
    - intermediate2.pem

Solves #104.

Member

@mukrop mukrop left a comment

Two questions before approval:

  • Is generating a chain file and then splitting it not too complicated? Did you not consider adjusting the generating scripts to create individual files? Then, the chain can be easily created by concatenation of cert files (possibly even directly in Make). I know this would introduce more changes (all generating scripts would need to be changed), but I find it a more modular design (with fewer utility scripts).
  • (Only relevant if the previous question is dismissed.) Your Makefile changes hardcode the folder name tmp in multiple places. I'd prefer having it as a variable. Similarly, the new utility script hardcodes the names endpoint.pem and intermediate[num].pem – this may be OK, though I was hesitant if hardcoding the names will not cause trouble later on.
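
The flat layout from the PR description and the concatenation idea raised in the review, shown as an added example (not code from this pull request or the project): POSIX shell functions that split chain.pem into endpoint.pem and intermediateN.pem and rebuild the bundle by concatenation. The function names and the constructed placeholder PEM blocks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: split a PEM bundle into per-certificate files and join them back.

split_chain() {
    # $1 = bundle (chain.pem), $2 = output directory; prints the number of certs found
    chain=$1 outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            # first block is the endpoint cert, later blocks are intermediates
            out = dir "/" (n == 1 ? "endpoint" : "intermediate" (n - 1)) ".pem"
        }
        out != "" { print > out }      # text outside PEM blocks is skipped
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }
    ' "$chain"
}

join_chain() {
    # $1 = directory holding endpoint.pem and intermediateN.pem; bundle goes to stdout
    dir=$1
    cat "$dir/endpoint.pem" || return 1
    i=1
    while [ -f "$dir/intermediate$i.pem" ]; do
        cat "$dir/intermediate$i.pem"
        i=$((i + 1))
    done
}

# Constructed sample input: three placeholder PEM blocks, not real certificates.
make_sample_chain() {
    for body in AAAA1111 BBBB2222 CCCC3333; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
    done > "$1"
}

work=$(mktemp -d)
make_sample_chain "$work/chain.pem"
count=$(split_chain "$work/chain.pem" "$work/EXPIRED")
join_chain "$work/EXPIRED" | cmp -s - "$work/chain.pem" \
    && echo "split $count certs, round trip matches chain.pem"
rm -rf "$work"
```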

Development

Successfully merging this pull request may close these issues.

Export the ZIP archives so they can be easily validated using openssl too