fix(cache): support private CAs for cache-to-server auth

GitHub issue · Closed

Metadata
Source: tuist/tuist #10903
Updated: Jun 24, 2026
Domains: Kura

Details

Resolves N/A

Cache auth requests to SERVER_URL were always pinned to CAStore.file_path(), so self-hosted deployments that terminate TLS with a private or internal CA could not verify /api/projects and failed authorization even when the server endpoint itself was configured correctly.

This adds a dedicated SERVER_CA_CERT_PEM override, wires the cache service’s server Finch pool through the shared CA helper already used for S3, and documents the new self-hosted configuration path. The helper stays responsible for translating PEM bundles into Mint transport options, which keeps the trust override logic in one place instead of duplicating certificate handling in the cache app.

The change also adds tests for the new config accessor and for the server Finch pool trust options so we cover the regression directly.

How to test locally

  • cd cache && mix test test/cache/config_test.exs test/cache/finch/pools_test.exs
  • cd tuist_common && mix test test/tuist_common/finch_pools_test.exs
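
An added sketch in Elixir, not code from the Tuist repository: one way a PEM override can become Mint transport options for a Finch pool while peer verification stays on. The module and pool names are hypothetical; reading SERVER_CA_CERT_PEM from the environment and replacing (rather than extending) the CAStore trust anchors are assumptions.

```elixir
defmodule Example.ServerTrust do
  @moduledoc """
  Hypothetical helper (not Tuist's code): turns an optional PEM bundle into
  Mint transport options without ever disabling certificate verification.
  """

  # Assumption: the override is supplied as an environment variable.
  def from_env, do: transport_opts(System.get_env("SERVER_CA_CERT_PEM"))

  # No override configured: keep trusting the bundled public CA store.
  def transport_opts(pem) when pem in [nil, ""] do
    [verify: :verify_peer, cacertfile: CAStore.file_path()]
  end

  # Override configured: decode every certificate in the bundle to DER.
  def transport_opts(pem) when is_binary(pem) do
    ders =
      for {:Certificate, der, :not_encrypted} <- :public_key.pem_decode(pem), do: der

    # Fail closed: a malformed bundle must not degrade into an empty trust
    # store or tempt anyone into switching to verify: :verify_none.
    if ders == [] do
      raise ArgumentError, "SERVER_CA_CERT_PEM contains no certificates"
    end

    # Assumption: the private CA bundle replaces the public CA store here.
    [verify: :verify_peer, cacerts: ders]
  end

  # Child spec for a dedicated Finch instance used for server auth calls.
  def finch_child_spec(pem) do
    {Finch,
     name: Example.ServerFinch,
     pools: %{default: [conn_opts: [transport_opts: transport_opts(pem)]]}}
  end
end
```

Both branches return `verify: :verify_peer`, so the only thing the override changes is which trust anchors the handshake is checked against.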