Chutney fails when Tor is built with --enable-nss

We should get chutney passing when Tor is built with --enable-nss. Currently, it fails for two reasons:

• tor-gencert is not built with NSS.
• If you use a copy of a working tor-gencert, some of the chutney tests fail.