dirmngr: Fix CRL DP error fallback to other schemes.

* dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop.
Remove the unused issuername_uri stuff.

It is quite common that LDAP servers are blocked and thuis the HTTP
access point should be used instead. This worked well for
certificates where the DP are given in this form:

crlDP: ldap://x500.bund.de/[...]
       http://x500.bund.de/[...]
       issuer: none

but it failed for this form

crlDP: ldap://x500.bund.de/[...]
       issuer: none
crlDP: http://x500.bund.de/[...]
       issuer: none

because the LAST_ERR thing terminated the outer loop. This pacth
fixes this and also cleans up the code to be more robust.

Note that the common workaround of using --ignore-ldap-dp will now
only be needed if the firewall uses packet dropping instead of proper
ICMP rejects.