tests/external-signed-ca tests: Fix external-ca.sh to use proper serials

The serial numbers have not been set for the creation of the CA and also
to sign the request. Because of this the local time has been used, which
resulted sometimes in the use of the same time stamp for the CA and the
signing reuqest. The import failed then with same issuer and serial number
error.

The cat to generate the chain.crt has been replaces with openssl x509 calls.

Some comments have also been added.

The script in external-signed-ca-with-manual-copy has been replaced with a
link to the external-signed-ca-with-automatic-copy directory.