Don't include "NEW" in certificate signing requests
Per https://datatracker.ietf.org/doc/html/rfc7468#section-7
NEW is still acceptable for parsing but generators should no
longer be including it.
I also fixed the dbm test cases which no longer execute in the
off-chance this gets backported to some distribution that has
an NSS version that still supports it.
https://pagure.io/certmonger/issue/228
Signed-off-by: Rob Crittenden <rcritten@redhat.com>