[FEATURE] Support MCP Servers with Certs signed by Custom RootCA #1110

@patst

📋 Prerequisites

📝 Feature Summary

We are hosting internal MCP Servers which are secured with TLS and have certificates signed by custom root CAs.

❓ Problem Statement / Motivation

  • At the moment, adding such an MCP server results in TLS errors:
    ERROR reconciler failed to upsert tool server for remote mcp server {"remoteMCPServer": "kagent/custom-mcp", "error": "failed to fetch tools for toolServer kagent/custom-mcp: failed to initialize client for toolServer kagent/custom-mcp: transport error: failed to send request: failed to send request: Post \"https://<customURL>/mcp\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}
  • Similar to [FEATURE] Add custom CAs for LLM calls #775, but focussed on the MCP servers, not custom LLMs

💡 Proposed Solution

  • Possibility to add a custom root CA bundle, e.g. via ConfigMap

🔄 Alternatives Considered

No response

🎯 Affected Service(s)

Controller Service

📚 Additional Context

Example Definition:

apiVersion: kagent.dev/v1alpha2
kind: RemoteMCPServer
metadata:
  name: custom-mcp
  namespace: kagent
spec:
  description: ''
  protocol: STREAMABLE_HTTP
  terminateOnClose: true
  timeout: 5s
  url: https://internal-url/mcp

🙋 Are you willing to contribute?

  • I am willing to submit a PR for this feature