Add COG_CA_CERT env var to inject custom CA certificates into builds
Adds support for injecting custom CA certificates into Cog-built images
via the COG_CA_CERT environment variable. This is useful for users behind
corporate proxies or VPNs that perform TLS interception.
Supported input formats:
- File path: /path/to/cert.crt
- Directory: /path/to/certs/ (concatenates all .crt/.pem files)
- Inline PEM: -----BEGIN CERTIFICATE-----...
- Base64-encoded PEM
The certificate is installed early in the Dockerfile (before tini, apt,
pip) and sets SSL_CERT_FILE and REQUESTS_CA_BUNDLE environment variables.
Also adds:
- Integration test with real HTTPS server using self-signed certs
- mise task for running integration tests: mise run test-integration [filter]
- docker-run command in test harness for container execution