Add new certs to internal token, try harder to remove on renewal
When using a hardware token the certificate will appear twice:
- on the hardware token
- on the internal token as a placeholder for trust
When renewing a certificate be sure to put a copy of the new
certificate onto the internal token to store that trust.
Similarly when a new certificate is added ensure that any old
certificates with the same nickname are removed. This needs to
span all tokens.
SEC_DeletePermCertificate() will not necessarily remove the
certificate on the token it is in so do multiple passes of
"find the certificate" to ensure all copies are removed.
Fixes: https://pagure.io/certmonger/issue/258
Signed-off-by: Rob Crittenden <rcritten@redhat.com>