Symlink CA certs instead of copy

[ruffsl]

This was a previous approach used with Keymint to prevent the keystore from falling out of sync with itself when renewing CA certs, as well as disk size down by avoiding the duplication of CA cert files. I'd like to test this against all RMW/OS combinations in CI to check which may not support symlinks.

Example: https://github.com/keymint/keymint_tools/blob/9f5bda35dae4ddc927a7f70f2d961451c150f7c0/keymint_tools/build_types/keymint_ros2_dds.py#L167-L172

[ruffsl]

can you please test it locally to make sure that it works at least for the Linux + Fast-RTPS scenario and fix it for that use case?

65aeffd now passes sros2 tests locally using osrf/ros2:nightly-rmw-nonfree

``` # colcon build --packages-up-to test_security Starting >>> sros2 Finished <<< sros2 [1.20s] Starting >>> test_security Finished <<< test_security [3.86s] Summary: 2 packages finished [5.29s] root@6499bb1837bf:/opt/sros2_ws# colcon test --packages-select sros2 test_security Starting >>> sros2 Finished <<< sros2 [6.22s] Starting >>> test_security Finished <<< test_security [2.95s] Summary: 2 packages finished [9.42s] root@6499bb1837bf:/opt/sros2_ws# colcon test-result Summary: 47 tests, 0 errors, 0 failures, 0 skipped ```

[jacobperron]

• Linux
• Linux-aarch64
• macOS
• Windows
• Windows-container

[mikaelarguedas]

GCC/CLang jobs unstable because of a false positive warning. It comes from cyclonedds' latest commit message being a full copy-paste of a build warning.

Unrelated to this PR

[jacobperron]

haha, yeah, I noticed that in another job earlier.