Ignore any CERT payload after the first instead of failing the exchange

Ignore any CERT payload after the first instead of failing the exchange
when more than one is received.  The first CERT is always the leaf
certificate, additional payloads can be used to send intermediate certs
which iked can not handle at the moment.
This fixes exchanges where the certificate chain is still valid because
matching intermediate certs are available locally in /etc/iked.

Reported and tested by Loïc Revest <l.revest (at) apc.fr>
ok mbuhl@