Self-signed CA certs on the OIDC provider (e.g. Logto behind a reverse proxy) cause the login flow to fail because Java's truststore rejects the connection. This adds an opt-in env var that creates a trust-all SSLContext scoped to OIDC HTTP calls only (discovery, token exchange, JWKS fetch) without affecting system-wide TLS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
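
The scoping described in the commit message, shown with a narrower trust decision: the dedicated OIDC client trusts only the CA certificates loaded from a PEM file instead of trusting every certificate. This is an added example, not the commit's code; the class name `OidcHttpClientFactory` and the env var `OIDC_CA_FILE` are hypothetical, and it assumes Java 11+ (`java.net.http.HttpClient`).

```java
import java.io.InputStream;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical factory for the HTTP client used only for OIDC calls. */
public final class OidcHttpClientFactory {

    // Assumed variable name, not taken from the commit.
    static final String CA_FILE_ENV = "OIDC_CA_FILE";

    /** Client for discovery, token exchange and JWKS fetches. */
    public static HttpClient create() throws Exception {
        String caFile = System.getenv(CA_FILE_ENV);
        if (caFile == null || caFile.isBlank()) {
            // Opt-in not set: default JVM truststore, normal validation.
            return HttpClient.newHttpClient();
        }
        return HttpClient.newBuilder()
                .sslContext(contextTrusting(Path.of(caFile)))
                .build();
    }

    /** SSLContext whose only trust anchors are the certificates in the PEM file. */
    static SSLContext contextTrusting(Path pem) throws Exception {
        KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
        anchors.load(null, null); // empty in-memory store, nothing from cacerts
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(pem)) {
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                anchors.setCertificateEntry("oidc-ca-" + i++, c);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // SSLContext.setDefault() is never called, so other TLS users keep the JVM default.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    private OidcHttpClientFactory() {}
}
```

Because the context is handed only to this one `HttpClient`, certificate chain and hostname checks stay in force for the OIDC calls and every other connection in the JVM is untouched.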