
Add Support To Trust Customer Cert Authorities #58
Closed
andscoop opened this issue May 3, 2018 · 3 comments
andscoop commented May 3, 2018

Some users will need the ability to trust custom CAs if they choose to supply their own certs which have been issued by a CA not trusted by the base OS.

The docker-cli has some code built around this that we should attempt to replicate as closely as possible. This is because of the fact that we are wrapping docker-cli calls in some places as well as making http calls against the registry and houston-api. We will want consistent behavior, especially when we are making an http call and a docker-cli command in the same astro-cli command.

I have some example code proving out the solution, but will need to take time to replicate the docker-cli way of doing things.
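The comment describes the shape of the solution without showing it: start from the OS trust store, append the customer's CA certificate(s), and use that single pool for every TLS connection the CLI makes, so an HTTP call and a wrapped docker-cli call agree on what is trusted. The following is an added example written for this page, not code from astro-cli or docker-cli; the function names (`TrustPool`, `NewHTTPClient`, `VerifyAgainstPool`, `GenerateTestChain`) and the hostname `registry.internal.example` are assumptions made for illustration, and `GenerateTestChain` only exists to build a constructed, throwaway CA and server certificate so the pool logic can be exercised offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// TrustPool starts from the OS trust store (falling back to an empty pool
// when Go cannot read it) and appends the user-supplied PEM blobs. It fails
// loudly when a blob contains no certificate, so a misplaced key file or an
// empty ca.crt is reported instead of being silently ignored.
func TrustPool(customPEMs ...[]byte) (*x509.CertPool, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool()
	}
	for i, p := range customPEMs {
		if !pool.AppendCertsFromPEM(p) {
			return nil, fmt.Errorf("custom CA input %d contains no certificates", i)
		}
	}
	return pool, nil
}

// NewHTTPClient builds the client used for registry / houston-api calls so
// that it shares one trust decision with everything else the CLI does over TLS.
func NewHTTPClient(pool *x509.CertPool) *http.Client {
	return &http.Client{
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
		},
	}
}

// VerifyAgainstPool checks that a PEM server certificate chains to the pool
// and is valid for host; this is the same check the TLS handshake performs.
func VerifyAgainstPool(pool *x509.CertPool, leafPEM []byte, host string) error {
	block, _ := pem.Decode(leafPEM)
	if block == nil {
		return errors.New("no PEM block in leaf certificate")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// GenerateTestChain creates a constructed, throwaway CA plus a server
// certificate for host (test scaffolding only, not something a CLI ships).
func GenerateTestChain(host string) (caPEM, leafPEM []byte, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Internal CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	leafPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	return caPEM, leafPEM, nil
}
```

Two design points worth keeping when this is wired into a real CLI: the custom CA is appended to the system pool rather than replacing it, so public registries keep working, and `TrustPool` refuses input that yields no certificate, which is how a user learns that the file they pointed at was a private key or was empty rather than getting an opaque "unknown authority" error at deploy time.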

@andscoop andscoop self-assigned this May 3, 2018
andscoop commented May 3, 2018

Some more context

andscoop commented May 8, 2018

Related issues for future reference. It appears there is a bug in Go that may prevent cert reads from the keychain.
golang/go#14514
moby/moby#23105

andscoop commented May 8, 2018

One more issue for reference.
golang/go#24652

I think we're going to be good to close this one out with no code changes. It appears that there is an issue with Go reading certs from the keychain if the cert is not fully trusted. In the case of enterprise customers using their own cert tools we may run across this again in the future.

To resolve:

1. Add the cert to the keychain if it does not exist already.
2. Open Keychain Access and go to System Certificates.
3. Find the cert and double-click to open it.
4. Hit the "Trust" dropdown arrow.
5. Change "When Using This Certificate" from "Use System Defaults" to "Always Trust".
6. Exit the window; you will be prompted for a user and password to save the user-specific cert settings.
7. Re-attempt the deploy.
