Startup.sh should use JAVA_TRUSTSTORE, not assume default cacerts.

Current situation

The launcher (startup.sh) tries to update the default cacerts keystore when a CURL_CA_BUNDLE is provided. This is fine in most cases, but fails with some 'secured' configurations.

Desired outcome

The launcher should use the JAVA_TRUSTSTORE environment variable to choose the store it updates.