Upgrade ca-certificates when creating container

Xenial's ca-certificates is outdated and needs to be updated or
websites using Let's encrypt will not be reachable.

This will break building certain packages which fetch from such
websites, like bluez:

-----

Installing arm64 (host amd64) build dependencies for bluez in container bluez-usdk-16-04-amd64-arm64-dev.
Downloading upstream source tarball of bluez in container to bluez_5.42+ubports5.orig.tar.xz.
--2022-06-21 16:17:11--  http://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz
Resolving www.kernel.org (www.kernel.org)... 145.40.68.75, 2604:1380:4601:e00::1
Connecting to www.kernel.org (www.kernel.org)|145.40.68.75|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz [following]
--2022-06-21 16:17:12--  https://www.kernel.org/pub/linux/bluetooth/bluez-5.41.tar.xz
Connecting to www.kernel.org (www.kernel.org)|145.40.68.75|:443... connected.
ERROR: cannot verify www.kernel.org's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US':
  Issued certificate has expired.
To connect to www.kernel.org insecurely, use `--no-check-certificate'.

-----

Explicitly add ca-certificate to the list of packages to install
to force it to be upgraded to the latest version.

Signed-off-by: Alexander Martinz <[email protected]>

crossbuilder

@@ -506,7 +506,7 @@ APT::Periodic::Unattended-Upgrade \"0\";\n\
         exec_container_root "add-apt-repository -y $EXTRA_REPO"
     done
     exec_container_root apt update
-    exec_container_root apt install -y sudo debhelper ccache software-properties-common devscripts equivs qemu-user-static
+    exec_container_root apt install -y sudo debhelper ccache software-properties-common devscripts equivs qemu-user-static ca-certificates
     exec_container_root adduser $USERNAME sudo
     # set empty password for the user
     exec_container_root passwd --delete $USERNAME