Switch to CA user when saving NSS certificates
A new parameter was added, nss-user, which indicates
the user to become via setuid/setgid when saving
certificates in NSS. This is necessary when using
SoftHSM as a PKCS#11 device to keep the filesystem
permissions correct.
Also tweak cleaning up duplicate certificates. certmonger
makes an effort to remove any duplicates, those with
duplicated nicknames with different certs, etc.
It didn't handle those with tokens though in NSS. A
certificate in a token will have a mirrored entry in the
database to store trust information. This was being
seen as a "duplicate" and certmogner was removing it, thus
removing the trust.
Fixes: https://pagure.io/certmonger/issue/243
Signed-off-by: Rob Crittenden <rcritten@redhat.com>