Provide SSL root of trust to containerized services
We could consider adding another container-level service: providing centralized management of the SSL root of trust. This would be implemented by sharing the host SSL trust store with the containers (it is already shared with non-containerized services of course), and using ca-certificates mechanics to manage it.
It does require a bit more effort than simply bind-mounting /etc/ssl/certs onto the containers though: there are symlinks in that directory that point at /usr/share/ca-certificates, so one would need at the very least to bind-mount both. Most clients should be able to work off the ca-certificates.crt bundle though; we'll have to figure out which use cases necessitate the symlinks.
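One way to check which extra directories the symlinks would require, as an added example that is not part of the original proposal or the project's code. It assumes a Debian-style ca-certificates layout and a `readlink` that supports `-f`; the function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. Report which directories outside a certificate directory its
# symlinks resolve into; a container given only that directory would see
# dangling links unless these are bind-mounted too.

external_link_dirs() {
    cert_dir=$(cd "$1" && pwd -P) || return 1
    for entry in "$cert_dir"/*; do
        [ -L "$entry" ] || continue
        # Follow the whole chain (hash link -> .pem link -> real file).
        target=$(readlink -f "$entry") || continue
        [ -e "$target" ] || continue          # skip links that are already broken
        case "$target" in
            "$cert_dir"/*) ;;                 # resolves inside the mounted directory
            *) dirname "$target" ;;           # needs an additional bind mount
        esac
    done | sort -u
}

# True when the bundle is a regular file, i.e. usable without any symlink target.
bundle_is_self_contained() {
    [ -f "$1/ca-certificates.crt" ] && [ ! -L "$1/ca-certificates.crt" ]
}

# Constructed sample tree imitating the layout described above (not real CA data).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssl/certs" "$root/usr/share/ca-certificates/mozilla"
    echo "constructed placeholder" > "$root/usr/share/ca-certificates/mozilla/Example_Root.crt"
    ln -s "$root/usr/share/ca-certificates/mozilla/Example_Root.crt" \
        "$root/etc/ssl/certs/Example_Root.pem"
    ln -s Example_Root.pem "$root/etc/ssl/certs/0a1b2c3d.0"
    echo "constructed placeholder" > "$root/etc/ssl/certs/ca-certificates.crt"
    echo "$root"
}

# Inspect the directory given as $1, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then
    dir=$1
else
    dir=$(make_sample_tree)/etc/ssl/certs
fi
echo "Extra directories needed by symlinks in $dir:"
external_link_dirs "$dir"
bundle_is_self_contained "$dir" && echo "ca-certificates.crt is a plain file"
```

Run against the host's /etc/ssl/certs, the output lists the immediate parent directories of the link targets, which may be subdirectories of /usr/share/ca-certificates rather than that directory itself.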