Don't crash if gnutls_x509_crt_list_import() fails

Don't crash if gnutls_x509_crt_list_import() fails

On error, gnutls_x509_crt_list_import() deinitializes any certificates
that it loaded (this isn't documented, of course, but see [1]). However,
we're also deinitializing them in the error handling case, resulting in
a double-free. Set nr_extra_certs to zero in that case so that we don't
crash.

1: https://gitlab.com/gnutls/gnutls/blob/gnutls_3_6_9/lib/x509/x509.c#L3864

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>