Add test cases for CA-reuses-key-on-rekey-request
    
    Run through a case where we request a rekey, but the CA gives us a
    certificate that uses our old private key.  This could happen if, for
    example, the helper asked for a renewal using the old key even though
    our intent was to enroll a new key.  Make sure that we keep the old key
    around when we're using files, and ensure that the old key doesn't get
    removed from the NSS database by counting and expecting three:  the old
    key from our first rekey request, the current key, and the candidate
    key.