feat(synapse): add ca_certs_file support for LDAP TLS

Add matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file
variable to allow specifying a custom CA certificate file for LDAP TLS
verification. Useful when Synapse is running in a container that does not
trust a private/internal CA by default.

Example usage:
matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file: /etc/ssl/certs/my-ca.crt

roles/custom/matrix-synapse/defaults/main.yml

@@ -1410,6 +1410,7 @@ matrix_synapse_ext_password_provider_ldap_filter: ""
 matrix_synapse_ext_password_provider_ldap_active_directory: false
 matrix_synapse_ext_password_provider_ldap_default_domain: ""
 matrix_synapse_ext_password_provider_ldap_tls_options_validate: true
+matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file: ""
 
 # Enable this to activate the Synapse Antispam spam-checker module.
 # See: https://github.com/t2bot/synapse-simple-antispam

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -2540,6 +2540,9 @@ password_providers:
       filter: {{ matrix_synapse_ext_password_provider_ldap_filter | string|to_json }}
       tls_options:
         validate: {{ matrix_synapse_ext_password_provider_ldap_tls_options_validate | to_json }}
+{% if matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file %}
+        ca_certs_file: {{ matrix_synapse_ext_password_provider_ldap_tls_options_ca_certs_file | string | to_json }}
+{% endif %}
 {% endif %}
 {% endif %}