docker: ca-certificates not installed, breaks jupyterlab's extensions support

[draeath]

Steps To Reproduce

With the docker container, the ca-certificates OS package is not installed/retained. This breaks the extension discovery component of JupyerLab, if the user accepts consent for external resources.

It's possible this might interfere with other TLS use, perhaps when using requests or aiohttp (I have not tested) which can be useful when loading in data to process.

I have confirmed that installing the ca-certificates package fully resolves this problem.

Expected Behavior

Normal function of jupyterlab's extensions manager

Actual Behavior

External repositories/metadata cannot be reached via TLS due to no valid CA trusts.

Additional Information

The discover portion of the extention manager reports Error searching for extensions: Error: Unhandled error and the following is reported to STDOUT/STDERR:

[W 2024-11-20 05:02:28.795 ServerApp] SSL Error on 17 ('2a04:4e42:400::223', 443, 0, 0): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
[E 2024-11-20 05:02:34.428 ServerApp] Uncaught exception GET /lab/api/extensions?query&page=1&per_page=30&refresh=0&1732078954242 (192.168.0.43)
    HTTPServerRequest(protocol='http', host='127.0.0.1:8888', method='GET', uri='/lab/api/extensions?query&page=1&per_page=30&refresh=0&1732078954242', version='HTTP/1.1', remote_ip='192.168.0.43')
    Traceback (most recent call last):
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/tornado/web.py", line 1790, in _execute
        result = await result
                ^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/handlers/extension_manager_handler.py", line 37, in get
        extensions, last_page = await self.manager.list_extensions(query, page, per_page)
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/manager.py", line 474, in list_extensions
        await self.refresh(query, page, per_page)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/manager.py", line 508, in refresh
        await self._update_extensions_list(query, page, per_page)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/manager.py", line 681, in _update_extensions_list
        extensions, last_page = await self.list_packages(query, page, per_page)
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/pypi.py", line 257, in list_packages
        matches = await self.__get_all_extensions()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/pypi.py", line 311, in __get_all_extensions
        self.__all_packages_cache = await self.__throttleRequest(
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/pypi.py", line 210, in __throttleRequest
        data = await current_loop.run_in_executor(None, fn, *args)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/concurrent/futures/thread.py", line 58, in run
        result = self.fn(*self.args, **self.kwargs)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1122, in __call__
        return self.__send(self.__name, args)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1461, in __request
        response = self.__transport.request(
                ^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1166, in request
        return self.single_request(host, handler, request_body, verbose)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1178, in single_request
        http_conn = self.send_request(host, handler, request_body, verbose)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1291, in send_request
        self.send_content(connection, request_body)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1321, in send_content
        connection.endheaders(request_body)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1331, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1091, in _send_output
        self.send(msg)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1035, in send
        self.connect()
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1477, in connect
        self.sock = self._context.wrap_socket(self.sock,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/ssl.py", line 455, in wrap_socket
        return self.sslsocket_class._create(
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/ssl.py", line 1042, in _create
        self.do_handshake()
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/ssl.py", line 1320, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
[W 2024-11-20 05:02:34.433 ServerApp] wrote error: 'Unhandled error'
    Traceback (most recent call last):
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/tornado/web.py", line 1790, in _execute
        result = await result
                ^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/handlers/extension_manager_handler.py", line 37, in get
        extensions, last_page = await self.manager.list_extensions(query, page, per_page)
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/manager.py", line 474, in list_extensions
        await self.refresh(query, page, per_page)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/manager.py", line 508, in refresh
        await self._update_extensions_list(query, page, per_page)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/manager.py", line 681, in _update_extensions_list
        extensions, last_page = await self.list_packages(query, page, per_page)
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/pypi.py", line 257, in list_packages
        matches = await self.__get_all_extensions()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/pypi.py", line 311, in __get_all_extensions
        self.__all_packages_cache = await self.__throttleRequest(
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/site-packages/jupyterlab/extensions/pypi.py", line 210, in __throttleRequest
        data = await current_loop.run_in_executor(None, fn, *args)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/concurrent/futures/thread.py", line 58, in run
        result = self.fn(*self.args, **self.kwargs)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1122, in __call__
        return self.__send(self.__name, args)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1461, in __request
        response = self.__transport.request(
                ^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1166, in request
        return self.single_request(host, handler, request_body, verbose)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1178, in single_request
        http_conn = self.send_request(host, handler, request_body, verbose)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1291, in send_request
        self.send_content(connection, request_body)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/xmlrpc/client.py", line 1321, in send_content
        connection.endheaders(request_body)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1331, in endheaders
        self._send_output(message_body, encode_chunked=encode_chunked)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1091, in _send_output
        self.send(msg)
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1035, in send
        self.connect()
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/http/client.py", line 1477, in connect
        self.sock = self._context.wrap_socket(self.sock,
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/ssl.py", line 455, in wrap_socket
        return self.sslsocket_class._create(
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/ssl.py", line 1042, in _create
        self.do_handshake()
    File "/home/sage/sage/local/var/lib/sage/venv-python3.12.4/lib/python3.12/ssl.py", line 1320, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
[E 2024-11-20 05:02:34.435 ServerApp] {
    "Host": "127.0.0.1:8888",
    "Accept": "*/*",
    "Referer": "http://127.0.0.1:8888/lab",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
    }
[E 2024-11-20 05:02:34.435 ServerApp] 500 GET /lab/api/extensions?query&page=1&per_page=30&refresh=0&1732078954242 (e0df9db7a2434e73a40524fbfeeb1497@192.168.0.43) 187.80ms referer=http://127.0.0.1:8888/lab

Environment

• OS: N/A (docker; docker.io/sagemath/sagemath)
• Sage Version: 10.4

Checklist

• [X] I have searched the existing issues for a bug report that matches the one I want to file, without success.
• [X] I have read the documentation and troubleshoot guide

[draeath]

This one's an easy fix, and I'm happy to submit a PR if that's appropriate. Let me know if that's something you'd like me to do, instead of handling it directly.