Only require one valid pkinit anchor/pool value

Only require one valid pkinit anchor/pool value

When processing pkinit_anchor or pkinit_pool values, return
successfully if at least one value is successfully loaded (or if none
are configured).

pkinit_identity_prompt() was the backstop against trying anonymous
PKINIT without configured anchors.  After this change it no longer is,
so add an explicit check for no anchors in pkinit_client_process().

[ghudson@mit.edu: added code to clear ignored errors; made minor style
edits; added no-anchors check]

ticket: 8988 (new)