Custom RootCA for JWKSResolver: extend MeshConfig?

This is probably somewhere between Configuration and Security.

I’m looking at making it possible to supply a custom root certificate for the JWKSResolver, so that if you’re using jwksUri in a Policy, you can host your JWKS on a HTTPS server with a self-signed or corporate CA certificate. Is the MeshConfig the right place to do this or am I looking in the wrong place here? Any hints would be greatly appreciated :slight_smile:

For more context see the corresponding issue.

Thank you!