Harden certs.sh: Add pre-check for update-ca-certificates

- Verify /usr/sbin/update-ca-certificates exists and is executable
- Fail fast with clear error message if missing
- Addresses TODO-4: Harden certs.sh with runtime validation

Author: “sahmad154”

native-platform/certs.sh

@@ -24,6 +24,13 @@ set -e
 # Certificate setup for native-platform container
 ##########################################################################
 
+# Verify update-ca-certificates command is available
+if [ ! -x "/usr/sbin/update-ca-certificates" ]; then
+    echo "[certs] ERROR: /usr/sbin/update-ca-certificates not found or not executable"
+    echo "[certs] ca-certificates package may not be installed properly"
+    exit 1
+fi
+
 # Shared certificates base directory
 SHARED_CERTS_DIR="/mnt/L2_CONTAINER_SHARED_VOLUME/shared_certs"
 mkdir -p "$SHARED_CERTS_DIR"