Add custom CA file support for OVIS oauth2-proxy in setup script and compose file

Enhanced the OVIS setup by introducing support for custom OIDC CA files in the oauth2-proxy configuration. Updated the ovis-compose.yml to include new environment variables and volume mounts for trusted CA certificates. Modified the ovis-setup.sh script to detect and log the presence of custom CA files, ensuring secure communication with OIDC providers.

ccp/modules/ovis-compose.yml

@@ -6,6 +6,8 @@ services:
     environment:
       - http_proxy=http://forward_proxy:3128
       - https_proxy=http://forward_proxy:3128
+      - OAUTH2_PROXY_USE_SYSTEM_TRUST_STORE=true
+      - OAUTH2_PROXY_PROVIDER_CA_FILES=${OVIS_OAUTH2_PROXY_PROVIDER_CA_FILES}
       - OAUTH2_PROXY_PROVIDER=oidc
       - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
       - OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_PRIVATE_URL}
@@ -27,6 +29,8 @@ services:
       - OAUTH2_PROXY_ALLOWED_GROUPS=${OIDC_USER_GROUP}
       - OAUTH2_PROXY_OIDC_GROUPS_CLAIM=${OIDC_GROUP_CLAIM}
       - OAUTH2_PROXY_PROXY_PREFIX=/oauth2-ovis
+    volumes:
+      - /etc/bridgehead/trusted-ca-certs:/etc/bridgehead/trusted-ca-certs:ro
     labels:
       - "traefik.enable=true"
       - "traefik.http.services.ovis-traefik-forward-auth.loadbalancer.server.port=4180"