Django-ca

* Increase minimum field length of serial and common name fields.
* Tests now call full_clean() for created models. SQLite (which is used for testing) does not enforce the
`max_length` parameter.

- Completely remove pyOpenSSL and consistently use [cryptography](https://cryptography.io/).
- Due to the transitition to cryptography, some features have been removed:
- The `tlsfeature` extension is no longer supported. It will be again once cryptography adds support.
- The `msCodeInd`, `msCodeCom`, `msCTLSign`, `msEFS` values for the ExtendedKeyUsage extension are
no longer supported. Support for these was largely academic anyway, so they most likely will not be added
again.
- `TEXT` is no longer a supported output format for dumping certificates.
- The `keyUsage` extension is now marked as critical for certificate authorities.
- Add the `privilegeWithdrawn` and `aACompromise` attributes for revocation lists.

- Update requirements.
- Use [Travis CI](https://travis-ci.org) for continuous integration. **django-ca** is now tested
with Python 2.7, 3.4, 3.5, 3.6 and nightly, using Django 1.8, 1.9 and 1.10.
- Fix a few test errors for Django 1.8.
- Examples now consistently use 4096 bit certificates.
- Some functionality is now migrated to `cryptography` in the ongoing process to deprecate
pyOpenSSL (which is no longer maintained).
- OCSPView now supports directly passing the public key as bytes. As a consequence, a bad
certificate is now only detected at runtime.

- Make sure that Child CAs never expire after their parents. If the user specifies an expiry after that of the parent, it is silently changed to the parents expiry.
- Make sure that certificates never expire after their CAs. If the user specifies an expiry after that of the parent, throw an error.
- Rename the `--days` parameter of the `sign_cert` command to `--expires` to match what we use for `init_ca`.
- Improve help-output of `--init-ca` and `--sign-cert` by further grouping arguments into argument groups.
- Add ability to add CRL-, OCSP- and Issuer-URLs when creating CAs using the `--ca-*` options.
- Add support for the `nameConstraints` X509 extension when creating CAs. The option to the `init_ca` command is `--name-constraint` and can be given multiple times to indicate multiple constraints.
- Add support for the `tlsfeature` extension, a.k.a. "TLS Must Staple". Since OpenSSL 1.1 is required for this extension, support is currently totally untested.

- Add links for downloading the certificate in PEM/ASN format in the admin interface.
- Add an extra chapter in documentation on how to create intermediate CAs.
- Correctly set the issuer field when generating intermediate CAs.
- `fab init_demo` now actually creates an intermediate CA.
- Fix help text for the `--parent` parameter for``manage.py init_ca`

- django-ca now provides a complete OCSP responder.
- Various tests are now run with a pre-computed CA, making tests much faster and output more predictable.
- Update lots of documentation.