Document how to use non-standard SSL certificates with Geo
Customer has generated their own internal SSL certificates. The secondary was getting this error upon login:
Completed 500 Internal Server Error in 573ms (ActiveRecord: 1.8ms | Elasticsearch: 0.0ms)
Faraday::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed):
lib/gitlab/geo/oauth_session.rb:54:in `get_token'
app/controllers/oauth/geo_auth_controller.rb:22:in `callback'
lib/gitlab/performance_bar/peek_performance_bar_with_rack_body.rb:16:in `call'
lib/gitlab/middleware/multipart.rb:93:in `call'
lib/gitlab/request_profiler/middleware.rb:14:in `call'
lib/gitlab/middleware/go.rb:16:in `call'
lib/gitlab/etag_caching/middleware.rb:11:in `call'
lib/gitlab/middleware/readonly_geo.rb:30:in `call'
lib/gitlab/request_context.rb:18:in `call'
Faraday has good documentation on how to handle this: https://github.com/lostisland/faraday/wiki/Setting-up-SSL-certificates
We should document how to handle this situation. The easiest way is to:
- Copy the primary public certificate onto the secondary
- Ensure the certificate is readable by the `git` user
- To `/etc/gitlab/gitlab.rb`, add `gitlab_rails['env'] = {"SSL_CERT_FILE" => "/path/to/custom-cert.crt"}`
- Run `gitlab-ctl reconfigure`
I verified that this worked in CentOS 6, 7, and Ubuntu 16.04. This environment variable is used by OpenSSL and doesn't appear to be documented anywhere in Omnibus.
Apparently `openssl version -a` also tells the path to where the default certs live.
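As an added illustration (not part of this issue or of GitLab's code), the Ruby script below shows what the `SSL_CERT_FILE` setting does at the OpenSSL level: it constructs a throwaway internal CA and a certificate signed by it, then verifies that certificate against OpenSSL's default trust store first without and then with `SSL_CERT_FILE` pointing at the CA's PEM file. The CA name, host name and temp path are made up.

```ruby
require 'openssl'
require 'tempfile'

# Build a certificate. With no issuer it is self-signed (our stand-in internal
# root CA); otherwise it is signed by the given CA. All data here is constructed.
def make_cert(subject, issuer_cert: nil, issuer_key: nil, ca: false)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Verify +leaf+ against OpenSSL's default trust store. set_default_paths reads
# SSL_CERT_FILE / SSL_CERT_DIR at call time, which is exactly the knob that the
# gitlab_rails['env'] setting turns for the Rails process on the secondary.
def verify_with_default_store(leaf, ca_path: nil)
  saved = ENV['SSL_CERT_FILE']
  ENV['SSL_CERT_FILE'] = ca_path          # assigning nil unsets the variable
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  store.verify(leaf) ? :ok : store.error_string
ensure
  ENV['SSL_CERT_FILE'] = saved            # restore whatever the caller had
end

# Certificates for a hypothetical primary; the CA file is written to a temp path
# standing in for /path/to/custom-cert.crt on the secondary.
def demo
  ca_cert, ca_key = make_cert('/CN=Example Internal Root CA', ca: true)
  primary_cert, _key = make_cert('/CN=gitlab-primary.example.internal', issuer_cert: ca_cert, issuer_key: ca_key)
  Tempfile.create(['custom-cert', '.crt']) do |f|
    f.write(ca_cert.to_pem)
    f.flush
    { without_env: verify_with_default_store(primary_cert),
      with_env: verify_with_default_store(primary_cert, ca_path: f.path) }
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```

The `without_env` result is the same "unable to get local issuer certificate" failure that Faraday surfaces as `certificate verify failed` in the trace above.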
We should consider also doing this as part of the node status check.
Edited by Stan Hu