Clean up profiles to remove old-style optional fields #304
Description
It's unclear to me whether these profiles should represent all our current unexpired certificates, or just the CA certificates that we are issuing at the time. I think we can remove references to things like OCSP URIs, TLSClientAuth (in CAs), etc.
But maybe we want to wait on this until we've fully switched to the Y Hierarchy.