Bug
Resolution: Done
Normal
rhel-7.9.z
Moderate
rhel-sst-security-crypto
ssg_security
Crypto23Q4
All
Alex: ca-certificates on 7: 'GlobalSign ECC Root CA - R4' didn't go into objsign-ca-bundle.pem + FNMT
GlobalSign conflict:
  `GlobalSign ECC Root CA - R4` coming from Mozilla:
    serial: 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02
    usage: Certificate Sign, CRL Sign
  `GlobalSign` coming from Microsoft:
    serial: 02:03:e5:7e:f5:3f:93:fd:a5:09:21:b2:a6
    usage: Digital Signature, Certificate Sign, CRL Sign
  same pubkey
  same validity
  same subject: OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
  RHEL 8.8: goes into objsign-ca-bundle twice, as `GlobalSign` and as `GlobalSign ECC Root CA - R4`
  RHEL 7: goes into objsign- twice, as `GlobalSign` and as `GlobalSign ECC Root CA - R4`
  old RHEL 7.9, 8.1, 8.2, 8.4, 8.6, 9.0: objsign twice
  new RHEL 8.1, 8.2, 8.4, 8.6, 8.8, 9.0, 9.2: objsign twice
  new RHEL 7.9: tls & email twice
'AC RAIZ FNMT-RCM' and 'FNMT-RCM' conflict:
  "AC RAIZ FNMT-RCM" from Mozilla:
    serial: 5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
    signature algorithm: sha256WithRSAEncryption
  "FNMT-RCM" from Microsoft:
    serial: 81:bb:dd:6b:24:1f:da:b4:be:8f:1b:da:08:55:c4
    signature algorithm: sha1WithRSAEncryption
  same pubkey
  same subject: C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM
  usage: Certificate Sign, CRL Sign
  validity: differs by one second
  RHEL 8: goes into tls-ca-bundle twice, as `AC RAIZ FNMT-RCM` and `FNMT-RCM`
  RHEL 7: goes into objsign-ca-bundle twice, as `AC RAIZ FNMT-RCM` and `FNMT-RCM`
  old RHEL 7.9, 8.1, 8.2, 8.4, 8.6, 9.0: tls twice
  new RHEL 8.1, 8.2, 8.4, 8.6, 8.8, 9.0, 9.2: tls twice
  new RHEL 7.9: objsign twice
Merging the two GlobalSign and two FNMT will restore things to the proper procession. Only RHEL 7 has problematic missing permissions. Longer term, we need to have the merge script handle these kinds of certs automatically.
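
A sketch of the detection and merge step the last paragraph asks for, added here as an example and not taken from the ca-certificates tooling: entries are keyed on subject plus public key rather than on label or serial, and the trust sets within each group are unioned (an assumed merge policy). Labels, serials and subjects are the ones quoted above; the `spki` strings, the per-source trust sets and the third root are constructed placeholders.

```python
from collections import defaultdict

# Constructed records. Labels, serials and subjects are quoted from the report;
# the "spki" strings and the per-source trust sets are placeholders.
GS = "OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign"
FN = "C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM"
ENTRIES = [  # (label, serial, subject, spki, trust purposes)
    ("GlobalSign ECC Root CA - R4", "2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02",
     GS, "spki-placeholder-1", {"tls", "email"}),
    ("GlobalSign", "02:03:e5:7e:f5:3f:93:fd:a5:09:21:b2:a6",
     GS, "spki-placeholder-1", {"tls", "email", "objsign"}),
    ("AC RAIZ FNMT-RCM", "5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07",
     FN, "spki-placeholder-2", {"tls"}),
    ("FNMT-RCM", "81:bb:dd:6b:24:1f:da:b4:be:8f:1b:da:08:55:c4",
     FN, "spki-placeholder-2", {"tls", "objsign"}),
    ("Example Root (hypothetical)", "01", "CN = Example Root",
     "spki-placeholder-3", {"tls"}),
]


def find_same_key_groups(entries):
    """Group by (subject, public key); keep groups holding more than one serial."""
    groups = defaultdict(list)
    for label, serial, subject, spki, trust in entries:
        groups[(subject, spki)].append((label, serial, trust))
    return {k: v for k, v in groups.items() if len({s for _, s, _ in v}) > 1}


def merge(entries):
    """One record per (subject, key): every label kept, trust sets unioned."""
    groups = defaultdict(list)
    for label, serial, subject, spki, trust in entries:
        groups[(subject, spki)].append((label, trust))
    return [
        {"subject": subject, "labels": [l for l, _ in members],
         "trust": set().union(*(t for _, t in members))}
        for (subject, _), members in groups.items()
    ]


def bundle_count(trust_sets, purpose):
    """Number of entries a per-purpose bundle would receive."""
    return sum(purpose in t for t in trust_sets)


if __name__ == "__main__":
    for (subject, _), members in find_same_key_groups(ENTRIES).items():
        print(subject, "->", [label for label, _, _ in members])
    print("tls before:", bundle_count([e[4] for e in ENTRIES], "tls"))
    print("tls after: ", bundle_count([m["trust"] for m in merge(ENTRIES)], "tls"))
```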