After unininstall see if certmonger is still tracking any of our certs.
    
    Rather than providing a list of nicknames I'm going to look at the NSS
    databases directly. Anything in there is suspect and this will help
    future-proof us.
    
    certmonger may be tracking other certificates but we only care about
    a subset of them, so don't complain if there are other tracked certificates.
    
    This reads the certmonger files directly so the service doesn't need
    to be started.
    
    https://fedorahosted.org/freeipa/ticket/2702