s4-backupkey: Cert lifetime of 365 days, not secs

s4-backupkey: Cert lifetime of 365 days, not secs

hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in
in seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Two other TODOs in this implementation:

* Since notBefore is not set explicietely to "now", the heimdal code
  default of now-(24 hours) is applied.

* Server side validity checks and cert renewal are missing.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>