Remove certificate genrules from denylist

The denylist was built by running `genrule_sandbox_test.py` on all
modules in the tree. `genrule_sandbox_test.py` checks that the sandboxed
genrules build, but also that they get the same results as the
unsandboxed version.

In this case, the genrule actually builds with sandboxing just fine,
but they have non-deterministic results, which caused
`genrule_sandbox_test.py` to think that they didn't work with
sandboxing.

Test: m com.android.apex.apkrollback.test.pem com.android.apex.apkrollback.test.pubkey com.android.apex.cts.shim.debug.pem com.android.apex.cts.shim.debug.pubkey com.android.apex.cts.shim.pem com.android.apex.cts.shim.pubkey com.android.apex.cts.shim.v2_no_pb com.android.apex.cts.shim.v2_signed_bob com.android.apex.cts.shim.v2_signed_bob_rot com.android.apex.cts.shim.v2_signed_bob_rot_rollback com.android.apex.cts.shim.v2_unsigned_apk_container com.android.apex.cts.shim.v3_signed_bob com.android.apex.cts.shim.v3_signed_bob_rot com.android.apex.cts.shim_not_pre_installed.pem com.android.apex.cts.shim_not_pre_installed.pubkey com.android.apex.rotation.key.bob.pem com.android.apex.rotation.key.bob.pk8 com.android.apex.rotation.key.bob.rot com.android.apex.rotation.key.bob.rot.rollback com.android.apex.rotation.key.bob.x509.pem com.android.overlaytest.overlaid.pem com.android.overlaytest.overlaid.pubkey com.android.overlaytest.overlay.pem com.android.overlaytest.overlay.pubkey
Change-Id: I950767449025163d8c71bb5a7b2e2f15a1ce4a84