Description
Problem
When TLS is enabled on the AI Bridge Proxy listener, clients need to trust the TLS certificate in addition to the MITM CA certificate. The MITM CA certificate is already available via the endpoint /api/v2/aibridge/proxy/ca-cert.pem, but there is no equivalent endpoint for the TLS listener certificate.
This means operators must distribute the TLS certificate manually, which makes automated client configuration harder, particularly for registry modules that configure the proxy automatically (e.g. the Copilot module).
A new endpoint (e.g. /api/v2/aibridge/proxy/tls-cert.pem) would allow clients to fetch the TLS certificate the same way they fetch the MITM CA certificate, simplifying configuration for both manual and automated setups.
Note: Operators with TLS already deployed across their infrastructure likely have existing mechanisms for distributing certificates, so this is primarily useful for simplifying automated setups.
Related to: coder/coder#22548 (comment)