Only user "root" and group "ssl-cert" can open this directory to read
the contents of the folder.
All directories in a tree must be readable/executable to the effective
user or group for that user to be able to access the leaf.
Once executed, Exim drops privs to run as a non-privileged user -
usually exim or exim4-something and as such does not fit the criteria of
the users able to read the keys.
