Failure to accept RSS handoff due to expired certificate should return a reasonable error #7457

Open
jgallagher opened this issue Jan 31, 2025 · 0 comments

If one attempts to run RSS with an expired recovery silo certificate, the RSS-to-Nexus handoff will fail with an HTTP 500:

17:47:46.709Z INFO 149a0935-acda-452f-9e90-38e0f5b4cc5f (dropshot_internal): request completed
    error_message_external = Internal Server Error
    error_message_internal = failed to create recovery Silo: Invalid Value: certificate, Certificate exists, but is expired
    file = /home/build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/dropshot-0.13.0/src/server.rs:851
    latency_us = 2128608
    local_addr = [fd00:1122:3344:102::5]:12221
    method = PUT
    remote_addr = [fd00:1122:3344:101::1]:51287
    req_id = cfd2748f-387a-4609-bbce-3c214f45e69f
    response_code = 500
    uri = /racks/59324b37-5e1e-4908-93d3-24f2851d3e6d/initialization-complete

On the client (sled-agent) side, it's an opaque "internal server error":

17:47:46.710Z INFO SledAgent (RSS): Failed to handoff to nexus: Error Response: status: 500 Internal Server Error; headers: {"content-type": "application/json", "x-request-id": "cfd2748f-387a-4609-bbce-3c214f45e69f", "content-length": "124", "date": "Fri, 31 Jan 2025 17:47:46 GMT"}; value: Error { error_code: Some("Internal"), message: "Internal Server Error", request_id: "cfd2748f-387a-4609-bbce-3c214f45e69f" } 

I think (?) this should be an HTTP 400, since from Nexus's point of view this is a bad request, and it should definitely include a note that the cert expired in the error message.
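An added example, not code from Omicron or Dropshot: one way to classify a certificate-validity failure as a client error, so the expiry reason reaches the caller while genuine server faults stay opaque. All type and function names, the message text and the timestamps are hypothetical.

```rust
// Added illustration: every type, name and message below is hypothetical,
// not taken from Omicron or Dropshot.
use std::fmt;

/// Validity window of a client-supplied certificate, in Unix seconds.
pub struct Validity { pub not_before: u64, pub not_after: u64 }

#[derive(Debug, PartialEq)]
pub enum CertError { NotYetValid(u64), Expired(u64) }

impl fmt::Display for CertError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            CertError::NotYetValid(t) => write!(f, "certificate is not valid before {}", t),
            CertError::Expired(t) => write!(f, "certificate expired at {}", t),
        }
    }
}

pub fn check_validity(v: &Validity, now: u64) -> Result<(), CertError> {
    if now < v.not_before { return Err(CertError::NotYetValid(v.not_before)); }
    if now > v.not_after { return Err(CertError::Expired(v.not_after)); }
    Ok(())
}

#[derive(Debug, PartialEq)]
pub enum ApiError {
    BadRequest(String), // caused by the request; message is safe to return
    Internal(String),   // server fault; detail is logged, never returned
}

impl From<CertError> for ApiError {
    // A bad certificate came from the caller, so it is a 4xx, not a 5xx.
    fn from(e: CertError) -> Self {
        ApiError::BadRequest(format!("recovery silo certificate rejected: {}", e))
    }
}

/// Returns (status code, message sent to the client).
pub fn to_response(e: &ApiError) -> (u16, String) {
    match e {
        ApiError::BadRequest(msg) => (400, msg.clone()),
        ApiError::Internal(_) => (500, "Internal Server Error".to_string()),
    }
}

pub fn handle_handoff(v: &Validity, now: u64) -> Result<(), ApiError> { Ok(check_validity(v, now)?) }

fn main() {
    let expired = Validity { not_before: 1_600_000_000, not_after: 1_700_000_000 }; // constructed
    println!("{:?}", to_response(&handle_handoff(&expired, 1_738_345_666).unwrap_err()));
}
```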
