error: add is_fatal helper, use in verify_cert

This commit adds a method to `Error` for testing whether an error should
be considered fatal, e.g. should stop any further path building
progress. The existing consideration of fatal errors in
`loop_while_non_fatal_error` is updated to use the `is_fatal` fn.

Having this in a central place means we can avoid duplicating the match
arms in multiple places, where they are likely to fall out-of-sync.

src/error.rs

@@ -257,6 +257,18 @@ impl Error {
             Error::UnknownIssuer => 0,
         }
     }
+
+    /// Returns true for errors that should be considered fatal during path building. Errors of
+    /// this class should halt any further path building and be returned immediately.
+    #[inline]
+    pub(crate) fn is_fatal(&self) -> bool {
+        matches!(
+            self,
+            Error::MaximumSignatureChecksExceeded
+                | Error::MaximumPathBuildCallsExceeded
+                | Error::MaximumNameConstraintComparisonsExceeded
+        )
+    }
 }
 
 impl fmt::Display for Error {

src/verify_cert.rs

@@ -746,9 +746,10 @@ where
     for v in values {
         match f(v) {
             Ok(()) => return Ok(()),
-            err @ Err(Error::MaximumSignatureChecksExceeded)
-            | err @ Err(Error::MaximumPathBuildCallsExceeded)
-            | err @ Err(Error::MaximumNameConstraintComparisonsExceeded) => return err,
+            // Fatal errors should halt further looping.
+            res @ Err(err) if err.is_fatal() => return res,
+            // Non-fatal errors should be ranked by specificity and only returned
+            // once all other path-building options have been exhausted.
             Err(new_error) => error = error.most_specific(new_error),
         }
     }