Resolve "Support internal root CA"

Jason Plum requested to merge 255-support-custom-cas into master

Introduce template/_certificates.tpl for population of certificates to various containers that may require the insertion of custom certificate authority root certificates.

This is implemented as a small set of changes to each affected Chart, and the addition of a template that provides the content that these charts will use. The use of a template provides DRY development patterns, as well as simplifying any future alterations.

This MR relies on gitlab-org/build/CNG!133 (merged), which introduces alpine-certificates container that is used by the injected initContainer.

How it works:

  • Adds 2 volumes:
    • etc-ssl-certs is a shared emptyDir volume, mounted to /etc/ssl/certs in all application containers
    • custom-ca-certificates is a projected volume, mounting all keys of secrets provided to global.certificates.customCAs to /usr/local/share/ca-certificates into the initContainer
  • alpine-certificates container builds a complete system CA bundle into /etc/ssl/certs, dereferencing symlinks to ensure that volume's contents are portable. This pulls in /usr/share/ca-certificates from the ca-certificates package, and the contents of /usr/local/share/ca-certificates as provided by the custom-ca-certificates volume.
  • application containers mount etc-ssl-certs, now including custom CAs

Closes #255 (closed) directly

Closes #254 (closed) indirectly, as we're now injecting updated ca-certificates bundle as a part of alpine-certificates container operation.
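As an added illustration (not the MR's own `_certificates.tpl`, which renders this from chart values), the pattern described above as a rendered Pod manifest. The Pod name, the secret name `internal-root-ca` and the image reference are placeholders; the volume names and mount paths are the ones the MR describes.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: example-app   # placeholder name
spec:
  volumes:
    # Shared emptyDir: empty at pod start, filled by the initContainer,
    # then read by every application container as its system CA store.
    - name: etc-ssl-certs
      emptyDir: {}
    # Projected volume: every key of each listed secret becomes a file.
    # In the chart, the list of secrets comes from global.certificates.customCAs.
    - name: custom-ca-certificates
      projected:
        sources:
          - secret:
              name: internal-root-ca   # placeholder: one secret holding a root CA .crt
  initContainers:
    - name: certificates
      image: alpine-certificates   # placeholder: the CNG alpine-certificates image reference
      volumeMounts:
        # Input: custom CA files land where the ca-certificates tooling looks for local CAs.
        - name: custom-ca-certificates
          mountPath: /usr/local/share/ca-certificates
          readOnly: true
        # Output: the complete bundle (system CAs plus custom CAs, symlinks dereferenced)
        # is written into the shared volume.
        - name: etc-ssl-certs
          mountPath: /etc/ssl/certs
  containers:
    - name: app
      image: application   # placeholder application image
      volumeMounts:
        # The application sees the rebuilt bundle in the usual location,
        # so TLS clients trust the internal root CA without image changes.
        - name: etc-ssl-certs
          mountPath: /etc/ssl/certs
          readOnly: true
```

To confirm the injection worked, `kubectl exec` into the application container and check that `/etc/ssl/certs/ca-certificates.crt` contains the custom root's subject, and that the files there are regular files rather than dangling symlinks.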