Add missing EKU values to end certs

[iaftab-alam]

WHAT is this change about?

Add missing EKU values for leaf certificates in order to be compliant with x509 standards.

What customer problem is being addressed? Use customer persona to define the problem e.g. Alana is unable to...

Alana wants to make sure that the end certificates are compliant and should have correct EKU values where if not present it might behave unexpected behavior with strict security environments or clients.

Please provide any contextual information.

#1287

Has a cf-deployment including this change passed cf-acceptance-tests?

• YES
• NO

Does this PR introduce a breaking change? Please take a moment to read through the examples before answering the question.

• YES - please choose the category from below. Feel free to provide additional details.
• NO

How should this change be described in cf-deployment release notes?

N/A

Does this PR introduce a new BOSH release into the base cf-deployment.yml manifest or any ops-files?

• YES - please specify
• NO

Does this PR make a change to an experimental or GA'd feature/component?

• experimental feature/component
• GA'd feature/component

Please provide Acceptance Criteria for this change?

No downtime and Vanilla CF should deploy without any issue.

What is the level of urgency for publishing this change?

• Urgent - unblocks current or future work
• Slightly Less than Urgent

Tag your pair, your PM, and/or team!

It's helpful to tag a few other folks on your team or your team alias in case we need to follow up later.

[iaftab-alam]

Notable changes are kept as it is:

1. The uaa-oidc_ca in operations/test/add-oidc-provider.yml is not changed! It is a CA and has an EKU set, which is unnecessary and can be removed. But leave this to the reviewer and community to.
2. The other two leaf Certs saml_oidc-key1, uaa-oidc-cert1 in operations/test/add-oidc-provider.yml and uaa_login_saml, uaa_jwt_signing_cert in cf-deployment.yml are left as it is.