add ca-certificates for working HTTPS clients out of the box

With the HTTPS being the new norm, having root certificates missing from the OS is causing issues for folks. It would be good to add the ca-certificates package to be base OS.

For instance, the Go runtime has certificate verification working out of the box on every platform it supports because it does the work of looking for the root certificates in the usual places. However, on Alpine, it fails because the root certificates are not installed.

Unfortunately, people are much more likely to turn off certificate validation in their runtime than they are to figure out how to correctly add the certificates. This leads to more insecure code on the web and all that comes with it from snooping to MITM attacks. HTTPS just isn’t optional in 2016 and the vast majority of Alpine images will be used to make HTTPS connections out.

The ca-certificates package adds about 0.6 MB to the image and worth every user being able to get a working HTTPS client out of the box.

(from redmine: issue id 5821, created on 2016-06-29)