Pilot proxies could be generated with invalid VOMS ACs
A proxy's VOMS AC is validated from:
1. A lookup of the VO name + VOMS URI (excluding the port) to find the
corresponding .lsc file in '/etc/grid-security/vomsdir'
2. The cert chain from the .lsc file is compared to and used to verify
If a VO has multiple entries in the VOMS configuration, a proxy may be
generated with a mismatched URI + issuer.