Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs

CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have it set to NULL. Thus
saving such certificates failed and probably caused other errors.

Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.
Marti Raudsepp
2018-08-03 13:21:45 +03:00
parent acd2701fa2
commit 82158aece6
5 changed files with 50 additions and 13 deletions

@ -514,7 +514,9 @@ def get_certificate_primitives(certificate):
certificate via `create`.
"""
start, end = calculate_reissue_range(certificate.not_before, certificate.not_after)
data = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data).data
ser = CertificateInputSchema().load(CertificateOutputSchema().dump(certificate).data)
assert not ser.errors, "Error re-serializing certificate: %s" % ser.errors
data = ser.data
# we can't quite tell if we are using a custom name, as this is an automated process (typically)
# we will rely on the Lemur generated name
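
Review bot: The `assert not ser.errors, ...` check in get_certificate_primitives is compiled out when Python runs with optimization (-O), in which case validation errors from `CertificateInputSchema().load(...)` would be silently ignored again, as they were before this change. Raise an explicit exception instead, for example `if ser.errors: raise ValueError("Error re-serializing certificate: %s" % ser.errors)`, so the stricter behaviour does not depend on interpreter flags and callers can handle a specific error type rather than AssertionError.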