
Support for Let's Encrypt cert profiles #607

Status: Open
Sausageroll2077 wants to merge 5 commits into linuxserver:master from Sausageroll2077:master

Conversation


Sausageroll2077 commented May 5, 2026


  • I have read the contributing guideline and understand that I have made the correct modifications

Description:

Added support for https://letsencrypt.org/docs/profiles/, primarily for the shortlived profile, since this is really the only one that currently changes things from the default.

It enables the cert profile environment variable so that when certbot renews or requests a cert it will request the "shortlived" profile, which has a shorter certificate lifetime (6 days).

Benefits of this PR and context:

This is a new feature for Let's Encrypt and certbot. The whole community will be moving towards shorter certificates, and therefore SWAG users should be able to test or adapt early to this new reality.

How Has This Been Tested?

I have built the Docker image locally on my Unraid server and changed the repository to this local repo.
I added the CERT_PROFILE variable with the value shortlived and ran it in staging mode and non-staging mode, and both times got a certificate valid for 6 days (screenshot attached in the original PR).

Source / References:

https://letsencrypt.org/docs/profiles/


github-actions bot commented


Thanks for opening this pull request! Be sure to follow the pull request template!


Sausageroll2077 (author) commented May 5, 2026

While testing this on Unraid, I noticed that every container restart was looping into a revoke + reissue cycle when CERT_PROFILE=shortlived was set. The cause is the existing legacy check that tries to detect certs still on the expired DST Root CA X3 cross-sign:

    openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"

I changed it to check for the actual bad chain:

    openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "DST Root CA X3"

This way it does not interfere with the new intermediates that shortlived introduces.
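To make the issuer check above concrete, here is an added example (not SWAG's code and not part of this PR) that builds two constructed chain.pem bundles with openssl and classifies them. It assumes a POSIX sh with the openssl and mktemp commands available; the certificate names DST Root CA X3, ISRG Root X1, R3 and R10 are only labels on locally generated test certs and say nothing about the real CA certificates. It also shows the caveat a reviewer would raise: `openssl x509` reads only the first certificate in a bundle, so a cross-sign further down the chain is only seen when every certificate in the file is enumerated.

```shell
#!/bin/sh
# Added example, not SWAG's or the PR's code: classify a certbot chain.pem
# bundle by the issuers it contains, using only the openssl CLI.
# Assumptions: POSIX sh, openssl and mktemp are available; every certificate
# below is constructed test data, and the CNs "DST Root CA X3", "ISRG Root X1",
# "R3" and "R10" are used purely as labels on those constructed certs.
set -eu

# Issuer of the FIRST certificate in a PEM bundle. This is exactly what
# `openssl x509 -in chain.pem -noout -issuer` reports: openssl x509 parses
# one certificate and ignores the rest of the file.
first_issuer() {
  openssl x509 -in "$1" -noout -issuer
}

# Issuer of EVERY certificate in the bundle, one "issuer=..." line each.
# Wrapping the bundle in a PKCS#7 structure lets `openssl pkcs7 -print_certs`
# enumerate all of them instead of just the first.
all_issuers() {
  openssl crl2pkcs7 -nocrl -certfile "$1" \
    | openssl pkcs7 -print_certs -noout \
    | grep '^issuer='
}

# True (exit 0) when any certificate in the bundle was issued by DST Root CA X3,
# i.e. the chain still carries the expired cross-sign somewhere.
is_legacy_chain() {
  all_issuers "$1" | grep -q 'DST Root CA X3'
}

# Write $dir/$name.pem with CN=$cn: self-signed when no issuer name is given,
# otherwise signed by $dir/$issuer.key. Constructed test data only.
make_ca() {
  dir=$1 name=$2 cn=$3 issuer=${4:-}
  if [ -z "$issuer" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$dir/$name.key" \
      -out "$dir/$name.pem" -subj "/CN=$cn" -days 30 >/dev/null 2>&1
  else
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/$name.key" \
      -out "$dir/$name.csr" -subj "/CN=$cn" >/dev/null 2>&1
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/$issuer.pem" \
      -CAkey "$dir/$issuer.key" -CAcreateserial -out "$dir/$name.pem" \
      -days 30 >/dev/null 2>&1
  fi
}

# Build two constructed bundles under $1 and return 0 if the classifier
# separates them as expected while the first-cert-only check does not.
demo() {
  work=$1
  # Legacy-shaped bundle: R3 issued by ISRG Root X1, and ISRG Root X1 itself
  # cross-signed by DST Root CA X3. The FIRST certificate's issuer is the
  # ISRG root, so a first-cert-only check never sees the DST cross-sign.
  make_ca "$work" dst "DST Root CA X3"
  make_ca "$work" x1cross "ISRG Root X1" dst
  make_ca "$work" r3 "R3" x1cross
  cat "$work/r3.pem" "$work/x1cross.pem" > "$work/legacy-chain.pem"
  # Modern-shaped bundle: R10 issued by a self-signed ISRG Root X1.
  make_ca "$work" x1 "ISRG Root X1"
  make_ca "$work" r10 "R10" x1
  cat "$work/r10.pem" "$work/x1.pem" > "$work/modern-chain.pem"

  is_legacy_chain "$work/legacy-chain.pem" &&
    ! is_legacy_chain "$work/modern-chain.pem" &&
    ! first_issuer "$work/legacy-chain.pem" | grep -q 'DST Root CA X3'
}

demo "$(mktemp -d)" && echo "chain classifier OK"
```

The practical point for a check like the one in this PR is to decide which certificate you mean to inspect: grepping `openssl x509` output tests the leaf of chain.pem only, while the PKCS#7 round-trip tests the whole bundle, and the two can disagree when the cross-sign sits on the second certificate rather than the first.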
