
fix: bundle DigiCert CA certs instead of downloading during Docker build#208

Closed
Jakuboola wants to merge 1 commit into master from devin/1773226385-fix-dockerfile-digicert-ssl

Conversation

@Jakuboola
Contributor

Summary

Docker build fails at Dockerfile line 133 with curl: (60) SSL: no alternative certificate subject name matches target host name 'cacerts.digicert.com'. The php:7.4-cli base image has an outdated CA bundle that can't verify DigiCert's current server certificate.

Fix: bundle the two DigiCert CA certificate files (GeoTrustRSACA2018.crt, DigiCertGlobalRootCA.crt) in docker/ and COPY them into the image instead of downloading at build time. This also makes the build more reproducible by removing the external download dependency.

Certificates were downloaded from the official DigiCert URLs and verified:

  • GeoTrustRSACA2018 — SHA1: 7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B (expires 2027)
  • DigiCertGlobalRootCA — SHA1: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 (expires 2031)

Review & Testing Checklist for Human

  • Verify certificate fingerprints match DigiCert's published values at https://www.digicert.com/digicert-root-certificates.htm — these are now static files committed to the repo, so their content matters
  • Confirm Docker build succeeds in CI — this change was not tested locally with a full Docker build; CI is the real validation
  • Note for future: these certs are now static. If DigiCert rotates them, the files need manual updating (GeoTrust expires 2027, GlobalRoot expires 2031)

Notes

Co-Authored-By: Jakub Sochan <jakub.sochan@keboola.com>
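The fingerprint check from the review checklist, as an added example that is not part of PR #208 or the repository: compute the SHA-1 fingerprint of each bundled PEM file (SHA-1 over the DER bytes, the same value DigiCert publishes and `openssl x509 -fingerprint -sha1` prints) with coreutils only, compare it against the values stated in the description, and fail the build on mismatch. The file names under docker/ come from the description; the install path and the `CA_CHECK_DIR` variable in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example (not PR #208's own code): pin the fingerprints of the bundled
# DigiCert CA files so a swapped or tampered .crt stops the Docker build.
# Needs only grep, tr, base64, sha1sum/sha256sum, cut and sed, so it runs in
# the php:7.4-cli image without installing openssl.

# Print the colon-separated, upper-case fingerprint of a PEM certificate.
# $1 = hash name as used by coreutils ("sha1" or "sha256"), $2 = PEM file.
# PEM is base64 DER between BEGIN/END lines, so stripping those lines and
# decoding gives exactly the bytes the published fingerprint is computed over.
pem_fingerprint() {
    algo="$1"; file="$2"
    grep -v -- '^-----' "$file" | tr -d '\r\n ' | base64 -d |
        "${algo}sum" | cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Compare one bundled cert against a pinned fingerprint.
# $1 = PEM file, $2 = expected fingerprint, $3 = hash name (default sha1).
# Returns 0 on match, 1 on mismatch or unreadable file, and prints both values
# so the CI log shows why the build stopped.
check_ca_fingerprint() {
    file="$1"; expected="$2"; algo="${3:-sha1}"
    actual="$(pem_fingerprint "$algo" "$file" 2>/dev/null)"
    if [ "$actual" != "$expected" ]; then
        echo "FINGERPRINT MISMATCH ($algo) for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   ${actual:-<unreadable>}" >&2
        return 1
    fi
    echo "ok: $file $algo $actual"
}

# Pinned SHA-1 values from the PR description, for the two files in docker/.
# $1 = directory holding the .crt files (default "docker").
check_bundled_digicert_cas() {
    dir="${1:-docker}"
    check_ca_fingerprint "$dir/GeoTrustRSACA2018.crt" \
        "7C:CC:2A:87:E3:94:9F:20:57:2B:18:48:29:80:50:5F:A9:0C:AC:3B" &&
    check_ca_fingerprint "$dir/DigiCertGlobalRootCA.crt" \
        "A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36"
}

# Assumed Dockerfile wiring (paths are assumptions, not from the PR):
#   COPY docker/*.crt /usr/local/share/ca-certificates/
#   RUN CA_CHECK_DIR=/usr/local/share/ca-certificates sh ca-check.sh && update-ca-certificates
# Only runs the check when CA_CHECK_DIR is set, so sourcing the file is harmless.
if [ -n "${CA_CHECK_DIR:-}" ]; then
    check_bundled_digicert_cas "$CA_CHECK_DIR" || exit 1
fi
```

SHA-1 is what the description and DigiCert's root page list, which is why it is the default here, but the same function takes `sha256` and DigiCert publishes SHA-256 fingerprints as well; pinning both costs one extra line per file and removes any reliance on SHA-1 for the integrity of a checked-in trust anchor.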
@devin-ai-integration
Contributor

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

2 participants