certctl: factor out certname resolution

create_blacklisted() will identify a cert whether it's provided a path to
a cert or the hash.serial format that is shown by certctl list.

Factor this logic out into a resolve_certname() so that it may be reused
elsewhere.