Backend should validate that certificates is valid for the address that used it

Currently it is possible to setup partner certificate in manager that are refused by gateway. It should be easy to add a check to verify that the certificate has a SAN corresponding to the interface address.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information