CertDB: add API for non-destructive initialization from PKCS#12 bundle

`create_from_pkcs12` method of CertDB was re-creating NSS database files
during PKCS#12 bundle import. This may cause bugs because the file permissions
could be re-set to wrong values causing subtle bugs. Modify the class API so
that the server cert chain can be imported while preserving existing FS
attributes.

https://fedorahosted.org/freeipa/ticket/6429

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

ipaserver/install/certs.py

@@ -588,6 +588,14 @@ class CertDB(object):
         self.create_noise_file()
         self.create_passwd_file(passwd)
         self.create_certdbs()
+        self.init_from_pkcs12(
+            pkcs12_fname,
+            pkcs12_passwd,
+            ca_file=ca_file,
+            trust_flags=trust_flags)
+
+    def init_from_pkcs12(self, pkcs12_fname, pkcs12_passwd,
+                         ca_file=None, trust_flags=None):
         self.import_pkcs12(pkcs12_fname, pkcs12_passwd)
         server_certs = self.find_server_certs()
         if len(server_certs) == 0: