(#6972) Handle ca-location in the certificate string.
This ports the existing certificate location configuration to be a string
option, and then uses that to change the configuration. This will leak state
between calls, which is somewhat unavoidable, but should at least get the
basic stuff right for the CLI.
We eventually need the CA string to be supported by a stateless internal CA
implementation that allows us to do the right thing overall.
Reviewed-By: Dan Bode <dan@puppetlabs.com>