support certificate validate
OpenStack now supports signature verification for signed images. However, it does not support strong certificate validation for the certificates used to generate image signatures. Specifically, cinder has no mechanism to identify trusted certificates. While cinder verifies the signature of a signed image, there is no way to determine whether the certificate used to generate and verify that signature is one that the user trusts. This change will introduce an addition to the cinder API allowing the user to specify a list of trusted certificates when creating a volume from an image. These trusted certificates will be used to conduct certificate validation in concert with signature verification, providing the user confidence in the integrity of the image being created.
Blueprint information
- Status: Started
- Approver: Sean McGinnis
- Priority: Medium
- Drafter: TommyLike
- Direction: Approved
- Assignee: TommyLike
- Definition: New
- Series goal: Accepted for rocky
- Implementation: Needs Code Review
- Milestone target: rocky-3
- Started by: Jay Bryant
- Completed by:
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Support certificate validation
Addressed by: https:/
Implements image certificate verification