PAM: add certificate matching rules from all domains
Currently the PAM responder only reads the certificate mapping and
matching rules from the first domain. To support Smartcard
authentication for local and remote users all configured domains must be
taken into account.
Related to https://pagure.io/SSSD/sssd/issue/3500
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>