mastodon / chart

Helm chart for Mastodon deployment in Kubernetes
GNU Affero General Public License v3.0

Add values to inject trusted certs into streaming #92

Closed abbottmg closed 2 months ago

abbottmg commented 9 months ago

This PR addresses #86

Node.js appears to be more picky about self-signed certificates than Rails. That said, it accepts a (singular) file containing one or more root certificates that should be trusted alongside the system's CAs. This changeset declares a short stanza, mastodon.streaming.extraCerts, empty by default, which can pull a .crt file from an existing secret. It then mounts that file as a projected volume and passes the file path to node via an env var. The stanza also allows users to set the TLS "mode" (read: validation strictness) that Node will use. In my testing, it seemed that no-verify may be necessary for some root certs, but can be avoided often enough that it seems wise not to use it as a default value.

Lastly, the stanza allows you to pick a custom name for the projected volume, in case of compatibility issues.

I want to acknowledge @SISheogorath both for setting me on the TLS path and for providing a working example from their server. While I didn't happen to see the example until I climbed out of my rabbit hole with a similar solution of my own, it was very encouraging to know I wasn't hacking something overly clever together, and saved me a lot of time confirming this was an appropriate solution.
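The wiring the description above talks about, sketched as an added example rather than the PR's own diff: a values stanza plus the deployment fragment that turns it into a projected volume and env vars. Only the stanza path `mastodon.streaming.extraCerts` comes from the PR; the key names (`existingSecret`, `key`, `volumeName`, `tlsMode`), the mount path and the container name are assumptions, while `NODE_EXTRA_CA_CERTS` and `NODE_TLS_REJECT_UNAUTHORIZED` are Node's real env vars for adding trusted roots and for disabling validation respectively.

```yaml
# values.yaml (added example; key names are assumptions, not the chart's own)
mastodon:
  streaming:
    extraCerts:
      # Secret in the release namespace holding a PEM bundle of root CAs.
      existingSecret: ""              # e.g. "internal-root-ca" (constructed name)
      key: "ca.crt"                   # key inside the secret that holds the bundle
      volumeName: "extra-ca-certs"    # override if it collides with another mount
      # "strict" keeps Node's normal chain validation and only adds the roots.
      # "no-verify" also sets NODE_TLS_REJECT_UNAUTHORIZED=0, which accepts any
      # certificate at all, so keep "strict" unless a root really cannot be loaded.
      tlsMode: "strict"

---
# templates/deployment-streaming.yaml (hypothetical fragment of the streaming Deployment)
{{- $ec := .Values.mastodon.streaming.extraCerts }}
      containers:
        - name: mastodon-streaming
          env:
            {{- if $ec.existingSecret }}
            # Node appends the roots in this file to its bundled CA store.
            - name: NODE_EXTRA_CA_CERTS
              value: /etc/ssl/extra/{{ $ec.key }}
            {{- end }}
            {{- if eq $ec.tlsMode "no-verify" }}
            # Every certificate is accepted; an interposed cert would go unnoticed.
            - name: NODE_TLS_REJECT_UNAUTHORIZED
              value: "0"
            {{- end }}
          {{- if $ec.existingSecret }}
          volumeMounts:
            - name: {{ $ec.volumeName }}
              mountPath: /etc/ssl/extra
              readOnly: true
          {{- end }}
      {{- if $ec.existingSecret }}
      volumes:
        - name: {{ $ec.volumeName }}
          projected:
            sources:
              - secret:
                  name: {{ $ec.existingSecret }}
                  items:
                    - key: {{ $ec.key }}
                      path: {{ $ec.key }}
      {{- end }}
```

With `existingSecret` left empty nothing is mounted and no env var is set, which is the "empty by default" behaviour the description asks for.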

abbottmg commented 3 months ago

Just ran into the need for this again. Can we get a review?