Add new option to allow overriding the detected SCEP CA chain
The -R option was doing double-duty for the SCEP CA.
1. It was required if the SCEP URL used TLS
2. It overrode the CA certificate downloaded from the SCEP server
If the chains were different then validating the SCEP responses would
fail.
https://bugzilla.redhat.com/show_bug.cgi?id=1808613