Revise expire callback regress to use chains with expired certificates.

Revise expire callback regress to use chains with expired certificates.

Rather than using X509_STORE_CTX_set_time() (which is resulting all
certificates in the chain being treated as expired), use chains that have
an expired leaf or expired intermediate. This triggers a different code
path, which is currently mishandled (and hence failing).

Also ensure that the resulting error and error depth match what we expect
them to be.