Disable cert verification for pkg-bootstrap when no cert.pem

Disable cert verification for pkg-bootstrap when no cert.pem

Our site uses HTTPs and fetch(1) requires /etc/ssl/cert.pem or
/usr/local/etc/ssl/cert.pem to verify the server's certificate.
However, when one needs to bootstrap the 'pkg', that cert.pem
generally doesn't exist since it is installed by the ca_root_nss
package.  So disable certificate verification for fetch(1) in
such a case.

Split out 'pkg-bootstrap-{fetch,install}' targets to get rid of
some duplicate codes.