Support updating CA certs on a wide range of images

Story

As a DevTools customer, I would like to have CA certs on my arbitrary images, So that I can make HTTPS requests.

Solution

There are definitely several levels to this, and I see them roughly as follows:

  1. Current solution (at time of writing), which applies only to the subset of OSes that either:
     a. have write access to /usr/local/share/ca-certificates and access to the update-ca-certificates command, or
     b. have write access to /etc/ssl/certs/ca-certificates.crt or /etc/ssl/cert.pem and use either of those by default.
  2. Copy the manager's certs to the workers and move them to the right locations when possible, or try to get applications to source them from a writable directory when not.
  3. Test the worker's operating system, determine the package manager and default cert paths, use the package manager to install a cert manager when possible and update certs the "correct" way when possible, falling back to level 2 when not possible.

I came across a nice example that completes a lot of the up-front work for level 3: https://github.com/millermatt/osca.
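As an added illustration of the three levels (example code written for this page, not part of the issue or of the osca project), the script below probes a worker image's /etc/os-release to pick the distribution's own CA tooling (level 3) and otherwise falls back to the bundle-append or writable-directory approaches (levels 1b and 2). The distribution-to-path mapping it assumes is the common default for each family (Debian/Ubuntu/Alpine: /usr/local/share/ca-certificates plus update-ca-certificates; RHEL/Fedora/CentOS: /etc/pki/ca-trust/source/anchors plus update-ca-trust); the image root and certificate path are its arguments, and the printed value is the follow-up action the caller must run inside the image.

```shell
#!/bin/sh
# Added example (not from the issue): pick a CA-install strategy for a worker
# image from its os-release, falling back to bundle-append or SSL_CERT_FILE.
# Assumed defaults per family are stated in the case statements below.

# Print the strategy for an os-release file; reads only ID and ID_LIKE.
ca_strategy_for_os_release() {
  osrel="$1"
  [ -r "$osrel" ] || { echo fallback; return 0; }
  id=$(sed -n 's/^ID=//p' "$osrel" | tr -d '"')
  like=$(sed -n 's/^ID_LIKE=//p' "$osrel" | tr -d '"')
  case " $id $like " in
    *" debian "*|*" ubuntu "*|*" alpine "*) echo update-ca-certificates ;;
    *" rhel "*|*" fedora "*|*" centos "*)   echo update-ca-trust ;;
    *)                                        echo fallback ;;
  esac
}

# Directory under the image root where a PEM belongs for a given strategy.
ca_target_dir() {
  case "$1" in
    update-ca-certificates) echo "$2/usr/local/share/ca-certificates" ;;
    update-ca-trust)        echo "$2/etc/pki/ca-trust/source/anchors" ;;
    *)                      echo "$2/etc/ssl/certs" ;;
  esac
}

# Place PEM file $2 into the image rooted at $1 and print the follow-up action:
# the update command to run, or the env var an application needs when the
# image has no cert tooling at all.
install_ca_cert() {
  root="$1"; pem="$2"
  name=$(basename "$pem" .pem)
  strategy=$(ca_strategy_for_os_release "$root/etc/os-release")
  dir=$(ca_target_dir "$strategy" "$root")
  mkdir -p "$dir"
  case "$strategy" in
    update-ca-certificates)
      cp "$pem" "$dir/$name.crt"            # the tool only picks up *.crt here
      echo update-ca-certificates ;;
    update-ca-trust)
      cp "$pem" "$dir/$name.pem"
      echo update-ca-trust ;;
    *)
      if [ -w "$dir/ca-certificates.crt" ]; then
        cat "$pem" >> "$dir/ca-certificates.crt"   # level 1b: append to default bundle
        echo "appended:/etc/ssl/certs/ca-certificates.crt"
      else
        cp "$pem" "$dir/$name.pem"                 # level 2: app must be pointed at it
        echo "SSL_CERT_FILE=/etc/ssl/certs/$name.pem"
      fi ;;
  esac
}

# Usage: sh install-ca.sh <image-root> <cert.pem>
if [ "$#" -ge 2 ]; then
  install_ca_cert "$1" "$2"
fi
```

Run it against an unpacked or bind-mounted image root; the printed action is what still has to happen inside the container (run the update command, or export SSL_CERT_FILE for the application) because only the distribution's own tool rebuilds the hashed links and bundle that system libraries read.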

Edited by Cal Callaghan