It turns out that some ports, including security/libretls, have an
undisclosed dependency on the symlink and cannot be trivially changed
to use the system trust store instead.
Remove one unneeded sample and amend the package message to make it
clear that software which relies on this symlink is not following
recommended practice.
I will look into getting certctl(8) to provide cert.pem instead, but
it may take a while until we can rely on this being in place on all
supported releases.
This partly reverts commit 483e74f44b82.
MFH: 2023Q4