Which keyring is used for SSL interception if both the default keyring and a policy-based keyring are specified?