This way we only have one reference for each CA certificate, whether it is loaded in an authority section, a connection or via load-certs() command. It also avoids enumerating CA certificates multiple times if they are loaded in different ways.