Restic when using with S3 backend is not supporting self-signed certificates

[ricsanfre]

Issue Description

Restic, used jointly with Velero to perform pod's volumes backups is unable to connect through HTTPS to S3 backend using self-signed certificates

Velero backup shows the error: x509: certificate signed by unknown authority

time="2021-12-17T15:21:19Z" level=error msg="Error backing up item" backup=velero-system/nginx-backup error="restic repository is not ready: error running command=restic init --repo=s3:https://s3.picluster.ricsanfre.com:9091/k3s-velero/restic/nginx-example --password-file=/tmp/credentials/velero-system/velero-restic-credentials-repository-password --cache-dir=/scratch/.cache/restic, stdout=, stderr=Fatal: create repository at s3:https://s3.picluster.ricsanfre.com:9091/k3s-velero/restic/nginx-example failed: client.BucketExists: Get \"https://s3.picluster.ricsanfre.com:9091/k3s-velero/?location=\": x509: certificate signed by unknown authority\n\n: exit status 1" error.file="/go/src/github.com/vmware-tanzu/velero/pkg/restic/repository_ensurer.go:186" error.function="github.com/vmware-tanzu/velero/pkg/restic.(*repositoryEnsurer).EnsureRepo" logSource="pkg/backup/backup.go:435" name=nginx-deployment-7f69d8b6fb-dtt26

[ricsanfre]

This issue is identical to vmware-tanzu/velero#2335.

As an alternative to self-signed certificates, custom CA can be created for signing Minio's SSL certificate and passing CA certificate to Velero, option cacert, which is as well forwarded to Restic, to permit the validation.

[ricsanfre]

Using custom CA for signing Minio's SSL certificate and passing it through caCert helm chart configuration parameter solves the issue.