In some cases, NIX_SSL_CERT_FILE may point to variation of cacerts,
see https://github.com/NixOS/nixpkgs/issues/435467 for examples.
`keytool` is not happy with all certs in there, and requires some
special care.
Re-use the tooling we have to populate openjdk 8 with its
trust store, instead of our naïve approach.
The nixpkgs linter doesn't allow us to simply refer to the .pl file from
inside the openjdk directory, and re-exposing it only from the openjdk8
derivation as a passthru is also a bit annoying.
As suggested in PR review, expose the perl script via pkgs and use it
both for build-maven-package and the openjdk8 build.
Fixes#435467.
55ef7dad42