add automated test to ensure OS-provided certificates are not used

From tor-browser#33534 (closed): Firefox 75 can use OS-provided certificates. This fingerprinting vector is disabled by default but we should add an automated test to confirm that it stays off during future rebasings.

https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/