Add /etc/ssl/certs to trusted_ro_paths for zuul-executors

If we download things over HTTPS inside bwrap, we'll need access to
/etc/ssl/certs to validate certs.

Change-Id: Ib662afbc0e3375a2d461ef7fc6e7e4f8741a700c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Paul Belanger 2017-10-17 10:59:20 -04:00
parent f8c705f462
commit e65fc34af6
No known key found for this signature in database
GPG Key ID: 611A80832067AF38


@ -1196,7 +1196,7 @@ node /^ze\d+\.openstack\.org$/ {
gearman_ssl_ca => hiera('gearman_ssl_ca'),
#TODO(pabelanger): Add openafs role for zuul-jobs to setup /etc/openafs
# properly. We need to revisting this post Queens PTG.
trusted_ro_paths => ['/etc/openafs', '/var/lib/zuul/ssh'],
trusted_ro_paths => ['/etc/openafs', '/etc/ssl/certs', '/var/lib/zuul/ssh'],
trusted_rw_paths => ['/afs'],
disk_limit_per_job => 5000, # Megabytes
site_variables_yaml_file => $::project_config::zuul_site_variables_yaml,
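Review bot: The new `trusted_ro_paths` entry has no comment, and the TODO directly above it covers only `/etc/openafs`, so a later reader cannot tell why the CA directory is exposed to the sandbox. I would add `# /etc/ssl/certs: CA store so HTTPS downloads inside bwrap can validate certificates` above the line. Only the trusted list changes here; if untrusted playbooks also fetch over HTTPS they would still lack the CA store, which may be intended but is not stated in the commit message. Keeping the entry scoped to `/etc/ssl/certs` rather than `/etc/ssl` is right, since it leaves `/etc/ssl/private` outside the sandbox. The node block starts and ends outside the hunk.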