Issue: 2236 - adds an option to append CA certificates (#2237)

* adding append option for custom CA certs

* updated test for changed GetCertPool signature, added testing to check functionality of empty and non-empty store

* adding legacy options as well

* update associated documentation

* fixing code climate complaints - reduce number of return statements

* Apply suggestions from code review

Changes caFilesAppend (and variants) to useSystemTrustStore

Co-authored-by: Jan Larwig <jan@larwig.com>

* Apply suggestions from code review

Fixes extra whitespaces and grammar.

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* fix indentation

* update changelog

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

pkg/util/util.go

@@ -14,11 +14,40 @@ import (
 	"time"
 )
 
-func GetCertPool(paths []string) (*x509.CertPool, error) {
+func GetCertPool(paths []string, useSystemPool bool) (*x509.CertPool, error) {
 	if len(paths) == 0 {
 		return nil, fmt.Errorf("invalid empty list of Root CAs file paths")
 	}
-	pool := x509.NewCertPool()
+
+	var pool *x509.CertPool
+	if useSystemPool {
+		rootPool, err := getSystemCertPool()
+		if err != nil {
+			return nil, fmt.Errorf("unable to get SystemCertPool when append is true - #{err}")
+		}
+		pool = rootPool
+	} else {
+		pool = x509.NewCertPool()
+	}
+
+	return loadCertsFromPaths(paths, pool)
+
+}
+
+func getSystemCertPool() (*x509.CertPool, error) {
+	rootPool, err := x509.SystemCertPool()
+	if err != nil {
+		return nil, err
+	}
+
+	if rootPool == nil {
+		return nil, fmt.Errorf("SystemCertPool is empty")
+	}
+
+	return rootPool, nil
+}
+
+func loadCertsFromPaths(paths []string, pool *x509.CertPool) (*x509.CertPool, error) {
 	for _, path := range paths {
 		// Cert paths are a configurable option
 		data, err := os.ReadFile(path) // #nosec G304