allow a data provider to specify a different certificate used in signing a direct result

src/main/proto/wfa/measurement/api/v2alpha/requisitions_service.proto

@@ -135,6 +135,12 @@ message FulfillDirectRequisitionRequest {
   // (-- api-linter: core::0141::forbidden-types=disabled
   //     aip.dev/not-precedent: This is a random 64-bit value. --)
   fixed64 nonce = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Resource name of the `Certificate` belonging to the `DataProvider` that
+  // can be used to verify the result. If unspecified, the
+  // `data_provider_certificate` from the `Requisition` will be used.
+  string certificate = 4
+      [(google.api.resource_reference).type = "halo.wfanet.org/Certificate"];
 }
 
 // Response message for `FulfillDirectRequisition` method.