* fipstoken will only force authentication for object-related functions when the object is a private or secret key
* certutil does not authenticate to token when in FIPS and only doing cert-related operations
* QA does not provide password to certutil when doing cert-related operations in FIPS tests
cases as well. The test case was depending on the failure to read certs to
detect the failure to read keys. Now certutil returns a failure if no keys
are found. This also means that the FIPS test after the key and cert
has been deleted should expect a failure to list any keys.