conf: Update the v2tlsbaseroot-certificates.pem from Alpine #5561

Draft
eriknordmark wants to merge 1 commit into lf-edge:master from eriknordmark:fetchcerts

@eriknordmark
Contributor

Description

This ensures that newly installed devices get the current set of TLS root CAs.

Separately we will need to update /config/v2tlsbaseroot-certificates.pem in already installed devices.

Changelog notes

Updated the set of root CA certificates used by TLS from Alpine

PR Backports

Here is the list of current LTS branches (it should be always up to date):

  • 16.0-stable
  • 14.5-stable
  • 13.4-stable

Checklist

  • I've provided a proper description
  • I've added the proper documentation
  • I've tested my PR on amd64 device
  • I've tested my PR on arm64 device
  • I've written the test verification instructions
  • I've set the proper labels to this PR

And the last but not least:

  • I've checked the boxes above, or I've provided a good reason why I didn't
    check them.

Please, check the boxes above after submitting the PR in interactive mode.

@eriknordmark eriknordmark added the security Provides a security fix label Jan 16, 2026
@eriknordmark eriknordmark marked this pull request as draft January 16, 2026 23:55
@codecov
codecov bot commented Jan 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 28.32%. Comparing base (2281599) to head (bf99176).
⚠️ Report is 247 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5561      +/-   ##
==========================================
+ Coverage   19.52%   28.32%   +8.79%     
==========================================
  Files          19       18       -1     
  Lines        3021     2256     -765     
==========================================
+ Hits          590      639      +49     
+ Misses       2310     1475     -835     
- Partials      121      142      +21     

@rene
Contributor

rene commented Jan 17, 2026

@eriknordmark from which Alpine version did you get the certificates? 3.16.9 (ours)?

@eriknordmark
Contributor Author

> @eriknordmark from which Alpine version did you get the certificates? 3.16.9 (ours)?

Yes.
But see the discussion in #5553 - maybe we can simplify this to get rid of this file in the conf directory.

This is needed for TLS.

Signed-off-by: eriknordmark <erik@zededa.com>
@shjala
Member

shjala commented Feb 4, 2026

@eriknordmark now that #5553 is merged and we decided we need to keep the cert in config for Eden to work, are you going to mark this "Ready for review"?

@eriknordmark
Contributor Author

> @eriknordmark now that #5553 is merged and we decided we need to keep the cert in config for Eden to work, are you going to mark this "Ready for review"?

I think we also need to update the root certs for deployed systems and this PR currently only does that for fresh installs.
So I think it makes sense to introduce a new /config/extra-root-certificates.pem which Eden can populate and take the base from the integrity protected file in the rootfs.
So I'll rework this from scratch - I don't know if we need to make eden use both the "extra" file and append to the current file to make the transition easier though.
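
The base-plus-extra layout proposed in the comment above, sketched in Go as an added example (not code from this PR or from the project): the trust pool starts from the base bundle and then adds CA certificates from the extra bundle. `MergeRoots` and `constructedCert` are hypothetical names, the bundles are passed as bytes rather than read from the real paths, and refusing to proceed when the base yields no usable root is an assumption of this sketch.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// MergeRoots builds one trust pool from the base bundle (rootfs) and the extra
// bundle (/config): CA certs valid at now only, de-duplicated by SHA-256 of DER.
func MergeRoots(base, extra []byte, now time.Time) (*x509.CertPool, int, error) {
	pool, seen := x509.NewCertPool(), map[[32]byte]bool{}
	for i, rest := range [][]byte{base, extra} {
		for blk, r := pem.Decode(rest); blk != nil; blk, r = pem.Decode(r) {
			c, err := x509.ParseCertificate(blk.Bytes)
			if blk.Type == "CERTIFICATE" && err == nil && c.IsCA && !now.Before(c.NotBefore) &&
				!now.After(c.NotAfter) && !seen[sha256.Sum256(c.Raw)] {
				seen[sha256.Sum256(c.Raw)] = true
				pool.AddCert(c)
			}
		}
		if i == 0 && len(seen) == 0 { // assumption: the extra file alone is never trusted
			return nil, 0, fmt.Errorf("base bundle has no usable root CA")
		}
	}
	return pool, len(seen), nil
}

// constructedCert returns a freshly generated self-signed cert as PEM (sample input only).
func constructedCert(cn string, isCA bool, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.Add(-48 * time.Hour), NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	end := time.Now().Add(24 * time.Hour)
	base, extra := constructedCert("Base Root", true, end), constructedCert("Extra Root", true, end)
	_, n, err := MergeRoots(base, append(extra, base...), time.Now())
	fmt.Println(n, err)
}
```

Entries in the extra bundle that are not CA certificates, are outside their validity window, or duplicate a base entry are skipped rather than treated as fatal, so a partially stale extra file does not block TLS setup.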
