@lgutter lgutter commented Nov 28, 2025

Description & motivation 💭

When using an SSO provider with a certificate signed by our own internal CA, the ui server is currently unable to verify the certificate. This change adds support for providing a CA certificate to enable verification of the used certificate.

Screenshots (if applicable) 📸

N/A

Design Considerations 🎨

minimal impact, only used IF a CA cert is provided.

Testing 🧪

Added tests, and I already use this to connect to a self-hosted Keycloak.

How was this tested 👻

  • Manual testing
  • E2E tests added
  • Unit tests added

Steps for others to test: 🚶🏽‍♂️🚶🏽‍♀️

Deploy this new version & provide a caFile or caData (base64 encoded) to trust a custom certificate for SSO.

Checklists

Draft Checklist

Merge Checklist

Issue(s) closed

#2957

Docs

Any docs updates needed?

Changes required are minimal, but the env vars for web UI should be updated with:

TEMPORAL_AUTH_CA
The path for the Transport Layer Security (TLS) Certificate Authority file for the auth provider endpoint.

In order to use TLS with a self-hosted Auth provider, you'll need a CA certificate issued by a trusted Certificate Authority. Set this variable to properly locate and use the file.

TEMPORAL_AUTH_CA_DATA
Stores the data for a TLS CA file.

This variable can be used instead of providing a path for `TEMPORAL_AUTH_CA`.

@lgutter lgutter requested a review from a team as a code owner November 28, 2025 09:38
@lgutter lgutter requested review from rossnelson and removed request for a team November 28, 2025 09:38

vercel bot commented Nov 28, 2025

@lgutter is attempting to deploy a commit to the Temporal Team on Vercel.

A member of the Team first needs to authorize it.


CLAassistant commented Nov 28, 2025

CLA assistant check
All committers have signed the CLA.


lgutter commented Dec 5, 2025

@rossnelson @Alex-Tideman Any chance you can look at this? :)


lgutter commented Dec 15, 2025

@rossnelson @Alex-Tideman just a friendly reminder for this MR, would love to get this merged!
