Customized base image should create self-signed certificate in advance

[andrewazores]

Part of #333

Similar to #334, entrypoint.sh currently creates the self-signed SSL/TLS certificate at container startup time. This takes time and also results in each redeployed instance having a different certificate, requiring clients to re-trust the application, even though it is really the same. This should be done at container base image build time to save startup time and not require clients to re-trust the application, allowing entrypoint.sh to simply grab and use the certificate as a fallback if the end user/administrator has not specified their own.