Inspired by https://bugzilla.mozilla.org/show_bug.cgi?id=1931886
We should have end-to-end monitoring that the reason code we use when revoking in the churner is what appears in the CRL.
We can also check in the CRL diff that revocation reasons don't change, except upgrading to keyCompromise https://github.com/letsencrypt/boulder/blob/2678e688060e91af545cb6055cdb22c156e087cb/ra/ra.go#L2044C1-L2071C2
Inspired by https://bugzilla.mozilla.org/show_bug.cgi?id=1931886
We should have end-to-end monitoring that the reason code we use when revoking in the churner is what appears in the CRL.
We can also check in the CRL diff that revocation reasons don't change, except upgrading to keyCompromise https://github.com/letsencrypt/boulder/blob/2678e688060e91af545cb6055cdb22c156e087cb/ra/ra.go#L2044C1-L2071C2