The GENI AM can be invoked with slice credentials signed by previously
unknown slice authorities. Unknown slice authorities are now added
dynamically to the local (geni-cm) database if the slice authority
cert is signed by a known CA root (in $TB/etc/genicacerts).

The current implementation leaves the dynamically added slice
authorities in the database. It would be straightforward to add the
deletion of these slice authorities at the end of
GeniAM::CreateSliver.