Deal with ca_certificates living across workspaces

[mflendrich]

In Kong's admin API, ca_certificates created in the default workspace are visible in all workspaces.

This has the following consequence: when deck syncs a non-default workspace, it sees a non-empty collection of ca_certificates on the Kong side and a (typically) empty collection of ca_certificates on the file side. This causes deck to delete all ca_certificates from Kong.

Example solution: Expose CA certificates only in the default namespace, and ignore them in non-default namespaces. (@hbagdi +1)

Another example solution: Add a flag to decK (enabled by default) to suppress certificate writing. Possibly for workspaces other than default.