fix: update the common cacert and include it in the unseal container

The previous cacert expired. A new one was created and also included in the unseal container.

The path to access the cacert was fixed in the unseal app and made configurable via an environment variable.

packages/container-vault-unseal-sgx-azure/default.nix

@@ -12,6 +12,7 @@ nixsgxLib.mkSGXContainer {
   inherit tag isAzure;
 
   packages = [
+    teepot.container-vault-start-config
     vat.vault-auth-tee.sha
     teepot.teepot.tee_vault_unseal
   ];