Enable tls verification in all build strategy push steps

Open sbose78 opened this issue 5 years ago • 3 comments

Today there's no good way to make the build pod "aware" of custom CA certs. This makes it hard to have TLS verification enabled for registries (incl. local registries) which make use of custom CA keys to sign their certificates.

https://github.com/shipwright-io/build/blob/master/samples/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml#L30

sbose78, Oct 05 '20 12:10

Proposal that should address association of custom CA certs https://github.com/shipwright-io/build/blob/master/docs/proposals/local-registry-image-specs.md

sbose78, Oct 05 '20 12:10

@sbose78 seems this is a duplicate of https://github.com/shipwright-io/build/issues/169 . If this is the case please close one of the issues.

qu1queee, Oct 06 '20 16:10

In the context of this Slack thread, I ended up in this issue. I think we have (at least) two TODOs:

  1. make our strategies secure by default (see the other issue), but allow insecure
  2. support custom certificates

Imo both should eventually be first-class parameters of a Build (rather than a custom parameter like it is for buildkit these days).

Both are difficult to introduce as a common capability in Shipwright because today it means that they must be implemented in every sample build strategy, which is probably possible. It also reminds me of "Remove image push steps from the build strategies" #165, which is also a non-trivial change, as afaik not all build strategy samples that we have today would be able to support this (Buildpacks specifically).

The local registry proposal on the other hand imo does not resolve what is described in the issue's description, specifically the customer certificate issue.

SaschaSchwarze0, Jul 01 '21 07:07
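
A check for the first TODO in the comment above (strategies secure by default), added here as an example and not code from the Shipwright project: it scans a build strategy manifest for arguments that switch off registry TLS verification. The flag names are real kaniko and buildah options; the manifest, registry host and function name are constructed for illustration.

```python
import re

# kaniko flags that disable registry TLS verification when set (bare flag = true).
DISABLES_WHEN_TRUE = {"--skip-tls-verify", "--skip-tls-verify-pull",
                      "--insecure", "--insecure-pull"}
# buildah verifies by default; --tls-verify=false switches it off.
DISABLES_WHEN_FALSE = {"--tls-verify"}
FLAG_RE = re.compile(r"(--[a-z][a-z-]*)(?:=([^\s\"',\]]+))?")

# Constructed sample manifest, not one of the project's strategies.
SAMPLE_STRATEGY = """\
kind: ClusterBuildStrategy
metadata:
  name: example
spec:
  buildSteps:
    - name: kaniko-build-and-push
      image: gcr.io/kaniko-project/executor:latest
      args:
        - --destination=registry.example.internal/team/app:latest
        - --skip-tls-verify=true
        # - --insecure
        - --skip-tls-verify-pull=false
    - name: buildah-push
      image: quay.io/buildah/stable:latest
      args:
        - buildah push --tls-verify=false app docker://registry.example.internal/team/app
"""

def find_insecure_flags(strategy_text):
    """Return (line_number, flag) for each argument that turns TLS verification off."""
    findings = []
    for number, line in enumerate(strategy_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out arguments are not passed to the tool
        for flag, value in FLAG_RE.findall(line):
            value = (value or "true").lower()  # a bare boolean flag means true
            if flag in DISABLES_WHEN_TRUE and value == "true":
                findings.append((number, flag))
            elif flag in DISABLES_WHEN_FALSE and value == "false":
                findings.append((number, flag))
    return findings

if __name__ == "__main__":
    for number, flag in find_insecure_flags(SAMPLE_STRATEGY):
        print(f"line {number}: {flag} disables registry TLS verification")
```

Run in CI against each sample strategy, a non-empty result is a cue to replace the flag with a mounted CA bundle rather than to suppress the finding.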