  • Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO. · 6d899412
    intrigeri authored
    Not only does this introduce needless variations between ISO images built from the
    same source (hence blocks deterministic builds), but there's a risk that some
    package (either one we already ship, or one that we ship some day, or one that
    users install themselves) actually uses this pair of SSL keys on the Internet,
    which is wrong since the private key material is public.
    
    Note that:
    
     * We run update-ca-certificates after deleting the snakeoil SSL certificate,
       to ensure it's not included in /etc/ssl/certs/ca-certificates.crt.
     * We make sure we delete all symlinks pointing to the SSL snakeoil certificate
       or key, because it avoids having to understand what symlinks are created
       on current Debian, and to track any future changes in this area.
    
    Will-fix: #9416
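The cleanup this commit message describes, sketched as an added shell example; it is not the hook from the commit or from the Tails tree. The function names and the ROOT argument are assumptions, and the certificate and key paths are the ones Debian's ssl-cert package uses.

```sh
#!/bin/sh
# Added example, not the Tails build hook. File names are the ones Debian's
# ssl-cert package uses; ROOT is the tree being cleaned ("/" inside a chroot).
SNAKEOIL_CERT=etc/ssl/certs/ssl-cert-snakeoil.pem
SNAKEOIL_KEY=etc/ssl/private/ssl-cert-snakeoil.key

# Print every symlink under ROOT/etc/ssl whose target names the snakeoil
# certificate or key. Matching on the link text (not the resolved path)
# catches relative and absolute links alike, whatever the link is called.
snakeoil_links() {
    find "$1/etc/ssl" -type l -exec sh -c '
        for l in "$@"; do
            case "/$(readlink "$l")" in
                */ssl-cert-snakeoil.pem|*/ssl-cert-snakeoil.key)
                    printf "%s\n" "$l" ;;
            esac
        done' sh {} +
}

# Delete the links, then the key pair, then rebuild the CA bundle so the
# deleted certificate cannot remain in /etc/ssl/certs/ca-certificates.crt.
purge_snakeoil() {
    [ -n "${1:-}" ] || { echo "usage: purge_snakeoil ROOT" >&2; return 2; }
    root=${1%/}
    snakeoil_links "$root" | while IFS= read -r l; do rm -f -- "$l"; done
    rm -f -- "$root/$SNAKEOIL_CERT" "$root/$SNAKEOIL_KEY"
    # Only regenerate the bundle when operating on the running root.
    if [ "$1" = / ]; then update-ca-certificates; fi
}

# Post-build check: print anything that still refers to the pair.
# Empty output means the image tree is clean.
snakeoil_leftovers() {
    root=${1%/}
    for f in "$root/$SNAKEOIL_CERT" "$root/$SNAKEOIL_KEY"; do
        if [ -e "$f" ] || [ -L "$f" ]; then printf '%s\n' "$f"; fi
    done
    snakeoil_links "$root"
}
```

Running `snakeoil_leftovers` against an unpacked image tree as a build-time assertion catches a regression if a later package reintroduces the pair.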