Correct the InternalTLSVncCAFile to comply with selinux policy

InternalTLSVncCAFile currently defaults to /etc/ipa/vnc.crt.
Certmonger attempts to save the CA cert to this path as cert_t, however
/etc/ipa is etc_t.
Moving to /etc/pki/CA/certs which is cert_t resolves the issue, and is
arugably a more suitable location.

Change-Id: Ib275fc43dd772851511598a4932c19fcda706479

docker/services/nova-libvirt.yaml

@@ -91,7 +91,7 @@ parameters:
     description: Specifies the default CA cert to use if TLS is used for
                  services in the internal network.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/vnc.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtCACert:

docker/services/nova-vnc-proxy.yaml

@@ -50,7 +50,7 @@ parameters:
                  enable TLS transaport for libvirt VNC and configure the
                  relevant keys for libvirt.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/vnc.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtVncCACert:

puppet/services/nova-libvirt.yaml

@@ -88,7 +88,7 @@ parameters:
     description: Specifies the default CA cert to use if TLS is used for
                  services in the internal network.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/vnc.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtCACert:

puppet/services/nova-vnc-proxy.yaml

@@ -56,7 +56,7 @@ parameters:
                  enable TLS transaport for libvirt VNC and configure the
                  relevant keys for libvirt.
   InternalTLSVncCAFile:
-    default: '/etc/ipa/vnc.crt'
+    default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
   LibvirtVncCACert: