install: fix --external-ca-profile option

Commit dd47cfc75a removed the ability
to set pki_req_ext_oid and pki_req_ext_data in the pkispawn config.
This results in the --external-ca-profile option never setting the
requested values in the CSR (the default V1 template type specifying
"SubCA" is always used).

Remove relevant fields from both ipaca_default.ini and
ipaca_customize.ini.  This allows the IPA framework to set the
values (i.e. when --external-ca-type=ms-cs and
--external-ca-profile=... demand it).  It also allows users to
override the pki_req_ext_* settings.

Part of: https://pagure.io/freeipa/issue/7548
Related: https://pagure.io/freeipa/issue/5608
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>

install/share/ipaca_customize.ini

@@ -93,11 +93,6 @@ pki_ca_signing_key_type=%(ipa_ca_key_type)s
 pki_ca_signing_signing_algorithm=%(ipa_ca_signing_algorithm)s
 pki_ca_signing_token=%(pki_token_name)s
 
-# MS subca request ext data
-pki_req_ext_oid=1.3.6.1.4.1.311.20.2
-pki_req_ext_critical=False
-pki_req_ext_data=1E0A00530075006200430041
-
 ## ocspSigningCert cert-pki-ca
 pki_ocsp_signing_key_algorithm=%(ipa_key_algorithm)s
 pki_ocsp_signing_key_size=%(ipa_key_size)s

install/share/ipaca_default.ini

@@ -115,7 +115,6 @@ pki_ca_starting_crl_number=0
 
 pki_external=False
 pki_external_step_two=False
-pki_req_ext_add=False
 
 pki_external_pkcs12_path=%(pki_pkcs12_path)s
 pki_external_pkcs12_password=%(pki_pkcs12_password)s