"SSL peer certificate or SSH remote key was not OK" error on fresh Nix install on macOS

My system keychain has 172 certificates, ~/.nix-profile/etc/ssl/certs/ca-bundle.crt has 137, and /etc/ssl/cert.pem has 72 (I filtered out expired certificates from all 3 sets).

So probably not ideal, but still a desired improvement because it would be more robust (i.e. support user uninstalling ca-bundle.crt) and bring macOS inline with the other operating systems/distributions, which all get a setting for NIX_SSL_CERT_FILE.

Just only use it as a fallback for when there is no ~/.nix-profile/etc/ssl/certs/ca-bundle.crt, as we don’t know how frequently Apple updates the bundle included with the OS.

@lilyball Will you do a PR for this?