This is a pair of commits for conceptual review and is missingdocumentation and usage() updates to certctl.
----certctl: handle METALOG like install(1) does
Add an unprivileged mode where calls to install are passed appropriate
flags. For ease of integration, use the same flags as install:
-U unprivileged mode -D <destdir> Specify DESTDIR (overrides the environment) -M <metalog> Full path to METALOG file
Support NO_ROOT when calling certctl.
Use the certctl in the source tree rather than trying to figure out
if it supports new features. Key off the existance of openssl in the
path rather than certctl. This is also more friendly to foreign