Add subjectAltName to cert for modern Go clients

[tracemeyers]

With just the CN set in the snake oil certificate, Go clients refuse to verify the certificate.

Can be overridden by specifying --build-arg CERT_SAN=DNS:somehost.com when building the image. For example in test environments, it may be useful to set it to DNS:localhost to avoid modifying /etc/hosts with planetexpress.com. Multiple values can be specified, separated with comma.