Certificates are public, the NSA can just download them.

You mean private keys. Reddit uses forward secure TLS, so obtaining the private keys does not allow the NSA to decrypt the traffic, as fresh keys are negotiated on each connection. The long term private key is used only for identification, so they allow you to impersonate the server but as far as I'm aware, nobody has yet seen evidence of a large, popular website having all of its traffic hijacked by state actors with stolen SSL keys. I can only imagine that such an attack would be quite visible (unless the taps were done internally inside a big CDN).

According to the Snowden documents, traffic is hijacked in a targeted manner. So, for example, only on pages served to the designated user, IP address or IP blocks etc. We would not see all it's traffic altered, we would only see traffic being altered if we were being directly targeted. It would be incredibly hard to see by others.

Also, the SSL keys are not stolen, we have to assume that they have been given to them based on the letter. The gag order and canary indicated that everything has been compromised.

Doing that requires you to be able to see through at least some connections in the first place, in order to figure out which connections are from your target victim. That's why QUANTUM is a combination of packet sniffing and packet injection. If everything is SSLd then it's much harder to deal with cases where a users connection moves around.

I'm not familiar with reddit's set up. But given that a NSL means that anything and everything can be given over to the NSA by reddit, does this mean that it's not hard for them to do this now?

Only if they were able to get a direct tap of all traffic entering Reddit's servers inside AWS. Then SSL is irrelevant of course. Doesn't matter what keys or crypto you use.

If it's not a direct real-time feed then, no, doesn't really change much.