[Docker] Custom CA Certificate configuration for GitHub Enterprise usage

[rkargMsft]

Describe the feature or problem you’d like to solve

GitHub Enterprise instances can utilize internal CA certificates and the docker container doesn't have a defined way to provide custom CA certs.

Proposed solution

Document (and implement if necessary) a preferred way to provide custom CA certificates for working with GitHub Enterprise instances.

Additional context

The Docker image is based on a distroless image so there isn't a straight forward way to do this right now.

[williammartin]

Not being familiar with this feature, is this the GitHub doc describing it: https://docs.github.com/en/enterprise-server@3.16/admin/configuring-settings/hardening-security-for-your-enterprise/configuring-tls?

[rkargMsft]

The issue is that when the MCP server is running in the docker container, it makes https connections to the GitHub server. In our case, that's a GitHub Enterprise instance that uses a TLS certificate that's signed by our internal Certificate Authority (CA). But that internal CA is not a publicly trusted CA that is built in to operating systems so it needs to be installed/trusted inside the container.

This is normally done by either building a new container based on the base container or by updating the CMD to run the container to copy in the CA and update-cacertificates, but the distroless container doesn't have that tooling installed so it's not immediately clear how that's expected to be achieved.

Also, it would be better to have a built in way to add trusted CA certificates as I would imagine many GitHub Enterprise setups use internal CAs and it would be wasteful to have each of them set up their own build process to create new container images with their custom CAs installed in them.