[Certificate.Verify] now supports policy validation, as defined by RFC 5280 and
RFC 9618. In order to enable policy validation,
[VerifyOptions.CertificatePolicies] must be set to an acceptable set of policy
[OIDs]. When enabled, only certificate chains with valid policy graphs will be
returned from [Certificate.Verify].