
fix: support multiple X509Certificate elements in X509Data #1022

Open

nicoske wants to merge 1 commit into IdentityPython:master from nicoske:fix/x509-certificate-chain-support

Conversation


@nicoske nicoske commented Mar 12, 2026

Description

The feature or problem addressed by this PR

X509DataType_ defines x509_certificate with a max cardinality of 1. When an IdP publishes certificate chains in its metadata (signing cert + CA cert in the same <X509Data> block), the second <X509Certificate> overwrites the first during deserialization. pysaml2 ends up with only the CA certificate and loses the actual signing certificate, causing SignatureError: Failed to verify signature.

Closes #731

What your changes do and why you chose this solution

Changed x509_certificate from a scalar field to a list field in X509DataType_, following the existing pattern used by KeyInfoType_ for x509_data, key_name, etc. This aligns with xmldsig-core-schema.xsd where X509DataType is a sequence with maxOccurs="unbounded".

Updated all consumers in mdstore.py, sigver.py, metadata.py and s2repoze/plugins/sp.py to iterate over the list.

Checklist

  • Checked that no other issues or pull requests exist for the same issue/change
  • Added tests covering the new functionality
  • Updated documentation OR the change is too minor to be documented
  • Updated CHANGELOG.md OR changes are insignificant
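The overwrite described above, reduced to a self-contained illustration (added example; this is not pysaml2's code and does not use its classes): a constructed `<KeyInfo>` fragment carries a signing certificate followed by its CA certificate in one `<X509Data>`, the scalar-slot parser keeps only the last `<X509Certificate>`, and the list parser keeps both so a consumer can try each published certificate. The certificate bodies are placeholder strings, and `verify_with_any` takes a caller-supplied check in place of a real signature verification.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
X509DATA = f"{{{DS_NS}}}X509Data"
X509CERT = f"{{{DS_NS}}}X509Certificate"

# Constructed sample: signing cert first, CA cert second, both inside one
# <X509Data> block. The bodies are placeholders, not real base64 DER.
SAMPLE_KEYINFO = f"""<KeyInfo xmlns="{DS_NS}">
  <X509Data>
    <X509Certificate>SIGNING-CERT-PLACEHOLDER</X509Certificate>
    <X509Certificate>CA-CERT-PLACEHOLDER</X509Certificate>
  </X509Data>
</KeyInfo>"""


def certs_scalar(keyinfo_xml):
    """Pre-fix behaviour: one slot per X509Data, so every later
    <X509Certificate> overwrites the earlier one; only the CA cert survives."""
    root = ET.fromstring(keyinfo_xml)
    found = []
    for x509data in root.iter(X509DATA):
        cert = None
        for elem in x509data.iter(X509CERT):
            cert = (elem.text or "").strip()  # overwrites the previous value
        if cert:
            found.append(cert)
    return found


def certs_list(keyinfo_xml):
    """Fixed behaviour: collect every <X509Certificate>, matching the
    schema's maxOccurs="unbounded", so the signing cert is never lost."""
    root = ET.fromstring(keyinfo_xml)
    found = []
    for x509data in root.iter(X509DATA):
        found.extend((e.text or "").strip() for e in x509data.iter(X509CERT))
    return [c for c in found if c]


def verify_with_any(certs, check):
    """Consumer pattern after the fix: try each published certificate.
    `check` is a callable (cert) -> bool standing in for signature verification."""
    return any(check(cert) for cert in certs)


# Hypothetical stand-in for a verifier: only the signing cert validates.
def _signing_cert_only(cert):
    return cert == "SIGNING-CERT-PLACEHOLDER"
```

With the scalar parser the verifier only ever sees the CA certificate and fails, which is the `SignatureError` reported in the description; with the list parser the signing certificate is still present and verification succeeds.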


Development

Successfully merging this pull request may close these issues.

Support certificate chains
