I do not know PHP, and I've never seen the XMLSecLibs library of RobRichards , but I'm also developing for eSocial (.NET) and know something about procedure how to sign the events and how to communicate to the service, then I will try to help.
You said that you are in doubt on these 3 passages, regarding the certificate:
$objXMLSecurityDSig->add509Cert(file_get_contents('/path_para_chave_PEM_publica'));
$objXMLSecurityKey->loadKey('/path_para_chave_PEM_privada', TRUE);
'local_cert' => '/path_para_chaves_PEM_privada_e_publica_combinadas_em_um_unico_arquivo',
eSocial requires a A1 or A3 digital certificate, both to sign the events and to communicate with the service. In Windows, the A1 certificate usually comes in a .pfx file, which contains both the public key and the private key, and you can install this file in Windows and use it from the Windows certificate store, or open the file directly. In my case I'm always getting the certificate installed in the Windows repository.
As I said, I do not know the XMLSecLibs library, so I can not tell you if it accepts a .pfx file directly, or if it accepts only .pem , but I did a quick search and found that .pem files can also store the public key and private key, such as the .pfx file, and , you can convert a .pfx format file to the .pem format.
Here are some links that explain this better:
Digital Certificate Summary - Knowledge Base link
SECURITY, What are the differences between the PEM, DER, P7B / PKCS # 7, PFX / PKCS # 12 certificates?
link
Conversion of PFX CA certificate (TYPE A1) to PEM
link
So I think you can get a valid A1 digital certificate in .pfx format and convert it to a .pem file, as in the links examples (using some OpenSSL application):
openssl pkcs12 -in certificado.pfx -out certificado.pem –nodes
Once you have done this, I imagine you can use this certificate.pem file on all 3 lines you were in doubt because it will contain the public key and private key of your A1 certificate, and is your A1 certificate that is required to sign the eSocial events and to open communication with the eSocial service (the first two lines of doubt refer to the signature, and the third refers to the transmission).
This certificate used for the signature must have the same CNPJ of the employer whose events are being signed (or CPF), or it may be another CNPJ / CPF as long as you have done a power of attorney on the e-CAC site of the IRS.