
fix(desktop): trust system certificates #25837

Merged
Hona merged 4 commits into anomalyco:dev from Hona:fix/desktop-system-ca
May 5, 2026

Hona commented May 5, 2026

Summary

  • Trust OS-installed certificate authorities in the desktop main process before starting the embedded Node server.
  • Keeps corporate TLS interception certificates trusted for server-side fetches used during config bootstrap.

Verification

  • bun typecheck from packages/desktop
  • pre-push bun turbo typecheck
  • local repro produced the reported 500/log shape before this change: TypeError: fetch failed with self-signed certificate

Hona requested a review from adamdotdevin as a code owner May 5, 2026 08:19
Copilot AI review requested due to automatic review settings May 5, 2026 08:19

Copilot AI left a comment

Pull request overview

This PR updates the desktop main process so the embedded opencode Node server inherits the OS certificate trust store before startup, which helps server-side bootstrap fetches succeed in environments with corporate/intercepting CAs.

Changes:

  • Added a local node:tls type augmentation for CA management APIs used by the Electron main process.
  • Added startup logic in the desktop main entrypoint to merge Node’s default CA set with the system CA set.
  • Runs the certificate setup before normal app/server initialization begins.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File | Description
packages/desktop/src/main/node-tls.d.ts | Adds typings for the TLS CA APIs used by the new startup hook.
packages/desktop/src/main/index.ts | Applies system CA certificates early in desktop main-process startup before embedded server initialization.

Hona merged commit b8f8f5d into anomalyco:dev May 5, 2026
8 of 9 checks passed
JtMotoX commented May 6, 2026

Thanks @Hona. I have confirmed this fixed the Desktop app. Any chance you could do the same for the Web app?
