Log Message:
security/ca-certificates: Clarify and adjust language

Point out that this is from Debian and that Debian's policy is unclear
(it's not on HOMEPAGE at least; they probably do have one).

Note that modification outside of the package's files is either to
base or to pkgsrc openssl.

Clarify that there's a supported way to exclude particular certs as
trust anchors.