Standardize on JCE X509Certificate

X509Certificate objects' DER encoding is different between JCE and BouncyCastle. Content signing certificates generated with BouncyCastle returned "null" sigGetAlgParams() as DERNull. The specification requires the method to return null.
For all signed objects, X509Certficate objects as well as all X.509 certificate containers, are built by JCE.

SHA256(fips201-card-conformance-tool-1.0.1-release-20210208211231.zip)= b90f55c71152eb3e3394853333b627ec87df4296b788041dc3fef1e0b2cdbb91