Generate cert using mkcert so that browsers trust the certificate

[mfenner]

The current approach is generating a certifcate using openssl that is not fully trusted by browsers and has to be used in a "hacky" way. Let's Encrypt doesn't work for local development (localhost, etc).

Describe the solution you'd like

We should generate a local certificate using mkcert, which would be trusted by the browser. This certificate has to be generated fresh for each local dev envelopment.

Describe alternatives you've considered

Using traefik proxy as reverse proxy for SSL termination in local development. It comes with a certificate that sort of works (again "hacky").

[ntarocco]

Personally, this is a nice to have, given that it might cause more troubles than solve them. The self-signed certificate warning in the browser is shown only the first time. Possible workarounds:

• document how to instruct your browser to not show the warning for localhost: https://stackoverflow.com/a/31900210/675178
• change the post_gen hook to also output a self-signed root CA, which can be then added to the Keychain/cert storage: https://stackoverflow.com/a/60516812/675178