You shouldn't really be worrying about this, the certificate contains only your public key, which is supposed to be public anyway. The only issue is the privacy concern of giving away the information in your certificate to any site that asks for it.
Summary of the issue:
The BBC weather page has a request to http://www.live.bbc.co.uk
.
HTTPS Everywhere is changing the request to httpS://www.live.bbc.co.uk
.
The HTTP server at www.live.bbc.co.uk
is configured to ask for a client certificate for secure connections.
It's likely that BBC just want to identify their employees in order to show special functionalists in the page (Inline editing of the news articles, corrections, etc.)
Remember: By using HTTPS Everywhere, you're overriding the default behavior of the sites you're visiting. The problem you're having is the result of that. The quickest solution is to disable the HTTPS Everywhere rule/option for BBC.
How did I find this?
I dug in Wireshark a bit when making a request to the weather page, and looked for who's sending me the Certificate Request TLS message. Voilà! (Credit to Daniel Kahn Gillmor for the idea)
Why wasn't this message popping before?
Because before you configured your client certificate, Firefox had thought you're not interested in client authentication thing (After all, you had no certificates installed, so no point of giving you the option to choose one). Once you added one certificate, Firefox started thinking "Maybe my human does have a certificate for this site". The certificate can be valid for any number of domain if not explicitly specified. (Note: I'm not sure if it can even be explicitly specified)
How can I make it disappear?
You have a couple of options here. You can either disable the BBC rule in HTTPS Everywhere because t's only partially supported anyway (BBC doesn't officially have HTTPS enabled for normal browsing).
Another solution would be to configure your browser to automatically make the selection for you. From your browser's settings/options/configurations.
Why would any non-malicious web site do that unless I've requested to sign in first?
Convenience. Have a valid certificate? You're automatically logged in once you visit the site.