
ocsp: Accept a server not responding with a nonce

Description

ocsp: Accept a server not responding with a nonce

* src/ocsp.h (struct ksba_ocsp_s): Remove good_nonce.
* src/ocsp.c (parse_response_extensions): Do not set good_nonce.
(ksba_ocsp_parse_response): Simplify the check.

It is somewhat strange that the server is allowed not to return the
nonce. This is likely done for performance reasons on the server, so
that cached responses can be returned for some time.

A responder which has this (imho) questionable behaviour is
http://tqrca1.ocsp.telesec.de/ocspr

The caller should follow the suggestion from RFC-8954 to mitigate
replay attacks.
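The caller-side policy the last paragraph points to (a nonce that comes back must match; a response without one is accepted only while it is fresh, per RFC 8954), as an added example that is not part of libksba or this commit. The function name, the verdict enum and the freshness window are assumptions; the nonces in the comments are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <time.h>

/* Hypothetical caller-side check; not a libksba API. */
typedef enum
{
  OCSP_NONCE_MATCH,         /* response echoes the nonce we sent */
  OCSP_NONCE_MISMATCH,      /* response carries a different nonce: reject */
  OCSP_NONCE_ABSENT_FRESH,  /* no nonce, but producedAt is recent: accept */
  OCSP_NONCE_ABSENT_STALE   /* no nonce and the response is old: reject */
} ocsp_nonce_verdict_t;

/* Decide whether an OCSP response may be a replay.  SENT_NONCE is the
   nonce the caller put into the request; RESP_NONCE is NULL when the
   responder (like the one named above) did not return one.  PRODUCED_AT
   is the response's producedAt time and MAX_AGE_SECS is the assumed
   window within which a nonce-less response is still trusted.  */
ocsp_nonce_verdict_t
check_ocsp_replay (const uint8_t *sent_nonce, size_t sent_len,
                   const uint8_t *resp_nonce, size_t resp_len,
                   time_t produced_at, time_t now, long max_age_secs)
{
  if (resp_nonce && resp_len)
    {
      /* A nonce came back: it must be byte-for-byte what we sent.  */
      if (resp_len != sent_len || memcmp (resp_nonce, sent_nonce, sent_len))
        return OCSP_NONCE_MISMATCH;
      return OCSP_NONCE_MATCH;
    }

  /* No nonce, so the response may be a cached one served again.  Following
     RFC 8954 we fall back to freshness: reject responses produced in the
     future (clock problem) or older than the window.  */
  if (difftime (now, produced_at) < 0.0
      || difftime (now, produced_at) > (double)max_age_secs)
    return OCSP_NONCE_ABSENT_STALE;
  return OCSP_NONCE_ABSENT_FRESH;
}

/* Map the verdict to the accept/reject decision the caller acts on.  */
bool
ocsp_response_acceptable (ocsp_nonce_verdict_t v)
{
  return v == OCSP_NONCE_MATCH || v == OCSP_NONCE_ABSENT_FRESH;
}
```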

Details

Provenance
werner, authored on Feb 26 2022, 5:05 PM
Parents
rKc9cde18bc84a: ocsp: Fix detecting the right response item