A certificate with a URI which has a IPv6 address with a zone ID may
incorrectly satisfy a URI name constraint that applies to the certificate
chain.

Certificates containing URIs are not permitted in the web PKI, so this
only affects users of private PKIs which make use of URIs.

Thanks to Juho Forsén of Mattermost for reporting this issue.

This is CVE-2024-45341.

Tracked in http://b/379881511 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/1700.

/cc @golang/security and @golang/release