nixos/acme: move the crt to fullchain.pem

lego already bundles the chain with the certificate,[1] so the current
code, designed for simp_le, was resulting in duplicate certificate
chains, manifesting as "Chain issues: Incorrect order, Extra certs" on
the Qualys SSL Server Test.

cert.pem stays around as a symlink for backwards compatibility.

[1] https://github.com/go-acme/lego/blob/5cdc0002e9abb2463fffc962dadc3479f72d7486/acme/api/certificate.go#L40-L44