Set SSL_CERT_DIR for embedded Go services
We tell our users to install custom SSL certificates into /opt/gitlab/embedded/ssl/certs/. These certificates then get picked up by everything in omnibus-gitlab that uses OpenSSL.
However, we also have some Go programs in omnibus that use Go's own crypto/tls library instead of OpenSSL (e.g. gitlab-workhorse, see gitlab-workhorse#177 (closed)). These programs will ignore /opt/gitlab/embedded/ssl/certs/.
It turns out we can tell crypto/tls about /opt/gitlab/embedded/ssl/certs/ by setting SSL_CERT_DIR=/opt/gitlab/embedded/ssl/certs/. I suggest that we go through all our Runit services that spawn Go programs and add this setting to the default env hash. It has been reported in gitlab-workhorse#177 (closed) that this works.