
maint: add the AWS RDS cert bundles #328

Closed

Conversation

coreypurcell
Contributor

@coreypurcell coreypurcell commented Oct 2, 2024

Reopening #238

This PR will add the RDS CA bundle to the stacks. This will allow customers to set their postgres connections to verify-full when connecting to an essential tier database. I opted not to chain the commands together into a list. I found that it made debugging failures much harder. For some reason, 22 needed to have the ca-certificates package added; without it the wget will fail and update-ca-certificates will not exist.

Testing

Before changes

root@aecdd0b8a9ae / [heroku/heroku:24]
docker > psql 'postgres://udkn8531065hs2:<redacted>@c4fuk4g4mva0ni.cluster-cmgvywijhzgr.us-east-1.rds.amazonaws.com:5432/d7434taaso5gbu?sslmode=verify-full&sslrootcert=system'
psql: error: connection to server at "c4fuk4g4mva0ni.cluster-cmgvywijhzgr.us-east-1.rds.amazonaws.com" (100.64.1.39), port 5432 failed: SSL error: certificate verify failed

Built the images
Ran this pattern in all 3 images

docker run -it --rm --platform=linux/amd64 33f6435378c7 bash
root@13d8683a53ca:/# psql 'postgres://udkn8531065hs2:<redacted>@c4fuk4g4mva0ni.cluster-cmgvywijhzgr.us-east-1.rds.amazonaws.com:5432/d7434taaso5gbu?sslmode=verify-full&sslrootcert=system'
psql (16.4 (Ubuntu 16.4-1.pgdg22.04+2), server 15.7)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, compression: off)
Type "help" for help.

root@6cf200a37298:/# curl -s https://cdn.azul.com/zulu/bin/zulu17.40.19-ca-jdk17.0.6-linux_x64.tar.gz | tar xz
root@6cf200a37298:/# zulu17.40.19-ca-jdk17.0.6-linux_x64/bin/keytool -list -v -keystore /etc/ssl/certs/java/cacerts | grep "Amazon RDS" | grep "Owner" | wc -l
Enter keystore password:
...

100
