Certutil would need to run elevated to add certs to the Root and TrustedPublisher stores, so you would need to configure some argument-based privilege elevation settings for those two certutil.exe command lines. Note that you don't need the "cmd.exe /c" bit – at least, there's nothing in your sample command lines that would require it.
Once you've done that, you can create a batch file that runs the two commands, and use UEM to create a shortcut to that batch file in the startup folder, for instance.
To add certificates to "Certificates - Current User" you can use the following PowerShell commands. No elevated privileges required.
Import-Certificate -FilePath .\certificate.p7b -CertStoreLocation Cert:\CurrentUser\CA\ Import-Certificate -FilePath .\certificate.p7b -CertStoreLocation Cert:\CurrentUser\TrustedPublisher\