cert store for inline .ovpn certificates #296

@cachebag

part of #288. depends on the ovpn parser.

changes

new file: util/cert_store.rs

when an .ovpn file has inline certs (<ca>...</ca>), they need to be written to disk so NM can reference them by path.

pub fn store_inline_cert(
    connection_name: &str,
    cert_type: &str,  // "ca", "cert", "key", "ta"
    pem_data: &str,
) -> Result<PathBuf, ConnectionError>;

pub fn cleanup_certs(connection_name: &str) -> Result<(), ConnectionError>;

storage: $XDG_DATA_HOME/nmrs/certs/<connection-name>/
permissions: 0600 for all cert/key files.

wire forget_vpn to call cleanup_certs when deleting an openvpn connection that was imported from .ovpn.

tests

write/read/cleanup cycle, permission checks, cleanup of nonexistent dirs.
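A sketch of the write path described above, added here as an example and not taken from the nmrs code base. It creates the file with 0600 at open time and rejects connection names that would escape the cert directory. Assumptions: the hypothetical `store_inline_cert_in` takes the base directory (for example `$XDG_DATA_HOME/nmrs/certs`) as a parameter, returns `io::Error` instead of `ConnectionError`, and names files `<cert_type>.pem`.

```rust
use std::fs::{self, DirBuilder, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{DirBuilderExt, OpenOptionsExt};
use std::path::{Path, PathBuf};

/// Hypothetical variant of `store_inline_cert` with an explicit base dir.
pub fn store_inline_cert_in(
    base: &Path,
    connection_name: &str,
    cert_type: &str,
    pem_data: &str,
) -> io::Result<PathBuf> {
    // The connection name becomes a directory name: reject anything that
    // could resolve outside `base` (separators, "." / "..", NUL, empty).
    if connection_name.is_empty()
        || connection_name == "."
        || connection_name == ".."
        || connection_name.contains(|c: char| c == '/' || c == '\0')
    {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "unsafe connection name"));
    }
    // Only the four inline block types listed in the issue are accepted.
    if !["ca", "cert", "key", "ta"].contains(&cert_type) {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "unknown cert type"));
    }
    let dir = base.join(connection_name);
    // 0700 on newly created directories: other users cannot list or enter them.
    DirBuilder::new().recursive(true).mode(0o700).create(&dir)?;
    let path = dir.join(format!("{}.pem", cert_type)); // assumed file naming
    // Drop any earlier file so the new one is always a fresh inode.
    match fs::remove_file(&path) {
        Err(e) if e.kind() != io::ErrorKind::NotFound => return Err(e),
        _ => {}
    }
    // mode() applies at open(2), so the key is never on disk with wider
    // permissions; create_new (O_EXCL) refuses a pre-planted file or symlink.
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(&path)?;
    f.write_all(pem_data.as_bytes())?;
    f.sync_all()?;
    Ok(path)
}

fn main() -> io::Result<()> {
    let base = std::env::temp_dir().join("nmrs-certs-demo"); // constructed demo path
    let pem = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n";
    println!("{}", store_inline_cert_in(&base, "work-vpn", "ca", pem)?.display());
    fs::remove_dir_all(&base)
}
```

Writing the file first and calling `chmod` afterwards would leave a window in which a private key is readable under the process umask, which is why the mode is set in the `open` call.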

Labels: feature (New feature or request), nmrs (Changes to nmrs), vpn (Changes to VPN surface)