FiloSottile/mkcert v1.4.3

Cleaned up EKUs

on GitHub

The EKU logic is now simpler, and it follows the following rules

• if an IP address, DNS name, or URI SAN is present, serverAuth is included
• if -client is used, clientAuth is included
• if an email address SAN in present, emailProtection is included

Certificate generation based on CSRs is now consistent with standard certificate generation.

Releases are now built from GitHub Actions.