Put Client-Certificates in Organization Resources to Test Allow List Updates

[hhund]

We might want to put the full client certificates into our organization resources instead of just a certificate hash. This would enable us to test entries in the allow list transaction bundle. For example we could test if the Organization.identifier (http://highmed.org/fhir/NamingSystem/organization-identifier) matches part of the certificates common name (CN) and if the organization name (O) matches Organization.name. In case of test failures a user task (#140, #141) could be used to decide to update the allow list anyways.