fix(RELEASE-2158): use trusted-ca mounts to support self hosted Quay

Add trusted-ca volume mounts to system certificate paths to be
consistent with other tasks in the push-to-external-registry pipeline.
Go-based tools (cosign, mobster) require the CA bundle at
/etc/ssl/certs/ to include it in the system cert pool. This is needed
for push-to-external-registry to work with self-hosted Quay instances
that use custom CA certificates.

Assisted-by: Cursor
Signed-off-by: Lubomir Gallovic <lgallovi@redhat.com>

Author: querti