security/ca_root_nss: handle bundle links consistently for ETCSYMLINK

/usr/local/openssl/cert.pem is the default location for security/openssl
so it should be handled just like /etc/ssl/cert.pem base OpenSSL. To
avoid having samples and copies with differing contents point both files
to the actual /usr/local/etc/ssl/cert.pem created by the sample. If users
have set their own content that is likely intended and should be enforced
across all three files.

MFH: 2025Q1
PR: 283161
Differential Revision: https://reviews.freebsd.org/D47908