Improve support for custom CA certificates in rootless images

The custom CA certificates support relies on adding the custom CA to the system CA store which is not possible a non-root user. The rootless images will error out with a message if the GITLAB_TOFU_CUSTOM_CA_CERT variable is set.

We should think about alternatives to handle this properly, like using one of the SSL_CERT_ environment variables. We just need to make sure to add the users custom CA certificate to the store instead of replacing the entire store.