Fill in missing cert rotation_policy; don't ignore validation errors when re-issuing certs

CertificateInputSchema requires the rotation_policy field, but
certificates created before the field existed have set to NULL. Thus
saving such certificates failed and probably caused other errors.

Made cert re-issuing (get_certificate_primitives) more strict so such
errors are harder to miss in the future.

lemur/migrations/versions/1db4f82bc780_.py

@@ -0,0 +1,33 @@
+"""Add default rotation_policy to certs where it's missing
+
+Revision ID: 1db4f82bc780
+Revises: 3adfdd6598df
+Create Date: 2018-08-03 12:56:44.565230
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '1db4f82bc780'
+down_revision = '3adfdd6598df'
+
+import logging
+
+from alembic import op
+
+log = logging.getLogger(__name__)
+
+
+def upgrade():
+    connection = op.get_bind()
+
+    result = connection.execute("""\
+       UPDATE certificates
+           SET rotation_policy_id=(SELECT id FROM rotation_policies WHERE name='default')
+         WHERE rotation_policy_id IS NULL
+        RETURNING id
+    """)
+    log.info("Filled rotation_policy for %d certificates" % result.rowcount)
+
+
+def downgrade():
+    pass