feat: add optional registry CA certificate installation step

Author: chriswydra

.github/workflows/docker-build.yml

@@ -44,6 +44,9 @@ on:
       BAKE_SECRETS:
         required: false
         description: 'Build secrets in docker secret format'
+      REGISTRY_CA_CERT:
+        required: false
+        description: 'CA certificate for registry TLS verification (PEM format)'
     outputs:
       build_id:
         description: 'Build identifier (run_number-sha)'
@@ -90,6 +93,17 @@ jobs:
           echo "GIT_ORIGIN=${{ github.server_url }}/${{ github.repository }}" >> $GITHUB_ENV
           echo "GIT_REVISION=${GITHUB_SHA}" >> $GITHUB_ENV
 
+      - name: Install registry CA certificate
+        if: ${{ secrets.REGISTRY_CA_CERT != '' }}
+        run: |
+          # Add CA to system trust store
+          echo "${{ secrets.REGISTRY_CA_CERT }}" | sudo tee /usr/local/share/ca-certificates/registry-ca.crt
+          sudo update-ca-certificates
+          
+          # Add CA to Docker daemon for registry access
+          sudo mkdir -p /etc/docker/certs.d/${{ inputs.registry_host }}
+          echo "${{ secrets.REGISTRY_CA_CERT }}" | sudo tee /etc/docker/certs.d/${{ inputs.registry_host }}/ca.crt
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3