certmap: allow missing empty EKU in OpenSSL version
In the OpenSSL version of the certificate mapping and matching code a
missing Extended Key Usage (EKU) extension was not detected properly and
caused an error while processing the certificate.
Related to https://pagure.io/SSSD/sssd/issue/3489
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>