Add null safety checks for Azure SDK responses

- Add null checks for certificate.Value.Cer in GetCertificateAsync
- Add null checks for certificate.Value.Value in GetCertificateWithPrivateKeyAsync
- Prevents NullReferenceException when mocked clients return null responses
- Improves defensive programming for edge cases

Author: claude

src/LettuceEncrypt.Azure/Internal/AzureKeyVaultCertificateRepository.cs

@@ -63,6 +63,12 @@ public async Task<IEnumerable<X509Certificate2>> GetCertificatesAsync(Cancellati
 
             var certificate = await certificateClient.GetCertificateAsync(normalizedName, token);
 
+            if (certificate?.Value?.Cer == null)
+            {
+                _logger.LogWarning("Certificate response for {domainName} was null or empty", domainName);
+                return null;
+            }
+
             return new X509Certificate2(certificate.Value.Cer);
         }
         catch (RequestFailedException ex) when (ex.Status == 404)
@@ -95,6 +101,12 @@ public async Task<IEnumerable<X509Certificate2>> GetCertificatesAsync(Cancellati
 
             var certificate = await secretClient.GetSecretAsync(normalizedName, null, token);
 
+            if (certificate?.Value?.Value == null)
+            {
+                _logger.LogWarning("Certificate secret for {domainName} was null or empty", domainName);
+                return null;
+            }
+
             var certBytes = Convert.FromBase64String(certificate.Value.Value);
             var cert = new X509Certificate2(certBytes, (string?)null, X509KeyStorageFlags.Exportable);