can't add CA cert for gha remotecache?

[dnwe]

Probably a bit of a niche usecase, but unlike type=registry, it doesn't appear to be possible to pass additional root CAs when using a cache-from/cache-to of type=gha — for example when running the buildkit action against an on-prem GitHub Enterprise Server that has a certificate issued by an internal root CA

Using the registry config in buildkitd.toml does correctly copy the certs into the builder to /etc/buildkit/certs/example.com/ca-certificates.crt, but these aren't used on the gha remotecache codepaths. Ideally they would also apply if the hostname matches or else it would useful if the copied certs were added to the main /etc/ssl/certs via update-ca-certificates in the container so they applied generally to any Go-based tls performed by buildkit