Make a SCCM Deployment dependent on the presence of a User Certificate
I had a quick google, and google states you can not look into another users Cert Store.
So with that in mind. What you could do is create a script that runs in the user context and checks for the cert, and if the cert if found then put a marker down. ie most easliy a file somewhere in the c drive, you could try HKLM, but the user will not likely have access.
With the above, you could either, do a hardware inventory for the file and create a collection off the results. OR just have the file existing as a requirement before it runs.
Its not the best, but it will be better than nothing.
Remember to test test test!
And also give some thought to other users who might use the computer but not have the cert.