acme: add preferred_chain option

Let's Encrypt currently (cross)signs its certificates with both ISRG Root X1 and DST Root CA X3: https://community.letsencrypt.org/t/production-chain-changes/150739

This breaks on DoH/DoT servers used as Android Private DNS because Android excepts each single CA which signed/crosssigned the certificate to be valid, instead if it already met a well-known valid one during the bottom-up validation.

This MR adds the ability to configure a custom preferred chain globally or for each certificate.