Add lints for DirectoryString encoding as Printable or UTF8

[jsha]

https://tools.ietf.org/html/rfc5280#page-24

When encoding attribute values of type DirectoryString, conforming
CAs MUST use PrintableString or UTF8String encoding, with the
following exceptions:

  (a)  When the subject of the certificate is a CA, the subject
       field MUST be encoded in the same way as it is encoded in the
       issuer field (Section 4.1.2.4) in all certificates issued by
       the subject CA.  Thus, if the subject CA encodes attributes
       in the issuer fields of certificates that it issues using the
       TeletexString, BMPString, or UniversalString encodings, then
       the subject field of certificates issued to that CA MUST use
       the same encoding.

  (b)  When the subject of the certificate is a CRL issuer, the
       subject field MUST be encoded in the same way as it is
       encoded in the issuer field (Section 5.1.2.3) in all CRLs
       issued by the subject CRL issuer.

  (c)  TeletexString, BMPString, and UniversalString are included
       for backward compatibility, and SHOULD NOT be used for
       certificates for new subjects.  However, these types MAY be
       used in certificates where the name was previously
       established, including cases in which a new certificate is
       being issued to an existing subject or a certificate is being
       issued to a new subject where the attributes being encoded
       have been previously established in certificates issued to
       other subjects.  Certificate users SHOULD be prepared to
       receive certificates with these types.

Clause (c) makes it hard to make this an error or warning, since we can't know if a name had previously been established. Perhaps this could be a notice-level lint?