Feature request: configurable certificate validity period (NotAfter)

[jo-m]

Currently, when using sbctl create-keys, the validity period is hardcoded:

	c := x509.Certificate{
		SerialNumber:       serialNumber,
		PublicKeyAlgorithm: x509.RSA,
		SignatureAlgorithm: x509.SHA256WithRSA,
		NotBefore:          time.Now(),
		NotAfter:           time.Now().AddDate(5, 0, 0),
		Subject: pkix.Name{
			Country:    []string{desc},
			CommonName: desc,
		},
	}

time.Now() can be overridden via faketime, but .AddDate(5, 0, 0) cannot.

Would it be possible to allow to configure the period?
Or, are there deeper reasons to not do this.