ffa7ceaed7
Previously BuildDefaultTLSConfig generated a new random self-signed certificate in memory on every run, making it impossible for users to extract and trust the certificate in their system trust store. Now when no explicit cert files are configured, GOST: 1. First checks cert.pem / key.pem in CWD (backward compatible) 2. Then checks auto-ca-cert.pem / auto-ca-key.pem under $HOME/.gost/ 3. If none found, generates a new ECDSA P-256 CA certificate, persists it to $HOME/.gost/, and uses it The persisted cert has IsCA=true so tools recognize it as a root CA. Falls back to in-memory-only when disk writes fail. Closes go-gost/gost#876