This change lead to completely overhauling the bearssl_read_certs()
function, which now deals directly with FILES, instead of depending on
mmap_file. There is some slight added complexity for dealing with the
file reads.
The idea for this came from the idea of implementing path resolution
using openat() instead of path concatenation, so there was a need to
pass either fds or file streams to functions instead of specific paths.
The previous impl clobbered most of the ta array if it was reutilized.
Add proper bookkeeping to solve this and enable reading from multiple
files.
The necessary changes in gemi.c are in the next commit, due to being
more involved and adding unrelated features.