Mount CA cert secret in ws-daemon, server and image-builder #9078

Closed
Tracked by #9074
csweichel opened this issue Apr 1, 2022 · 0 comments · Fixed by #9239
Labels
type: feature request New feature or request

csweichel commented Apr 1, 2022

When Gitpod is running using "self-signed" certs this can mean one of four things:

  • the SCM Gitpod will need to talk to uses certs signed by a custom CA
  • the Docker registry Gitpod will need to talk to uses certs signed by a custom CA
  • Gitpod itself will serve its content using certs signed by a custom CA
  • we need to support a custom CA cert in workspaces to access other services

In all those cases we need to mount the CA certs in /etc/ssl/certs/somefilename.crt in the following containers:

  • ws-daemon
  • image-builder
  • server

In case of server we also need to set the NODE_EXTRA_CA_CERTS env var to point to /etc/ssl/certs/somefilename.crt. In case of the Go components placing the file is enough (if it exists prior to the start of those services - which it does in case of Kubernetes).

Note: we must not mount the secret into /etc/ssl/certs directly, as that would replace the other root CA certs.
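
The mount described in this issue, written as a Kubernetes Deployment for the server component. This is an added example, not taken from the Gitpod repository or from #9239; the secret name `custom-ca-cert`, its key `ca.crt`, the file name `custom-ca.crt`, the labels and the image reference are placeholders.

```yaml
# Added example. Secret name, key, file name, labels and image are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: server
spec:
  selector:
    matchLabels:
      component: server
  template:
    metadata:
      labels:
        component: server
    spec:
      volumes:
        - name: custom-ca
          secret:
            secretName: custom-ca-cert      # assumed name of the CA cert secret
            items:
              - key: ca.crt                 # assumed key holding the PEM certificate
                path: ca.crt
      containers:
        - name: server
          image: example.invalid/server:placeholder
          env:
            # Per the issue, server additionally needs this variable to point
            # at the mounted file; the Go components only need the file itself.
            - name: NODE_EXTRA_CA_CERTS
              value: /etc/ssl/certs/custom-ca.crt
          volumeMounts:
            # Avoid: mounting the secret volume on the directory shadows every
            # root CA shipped in the image, so only the custom CA stays trusted.
            # - name: custom-ca
            #   mountPath: /etc/ssl/certs
            #
            # Use: subPath places a single file next to the existing CA files.
            - name: custom-ca
              mountPath: /etc/ssl/certs/custom-ca.crt
              subPath: ca.crt
              readOnly: true
```

A `subPath` mount is not refreshed when the secret changes, so rotating the CA certificate requires restarting the pods that mount it.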
