services: hpcguix-web: Set SSL_CERT_DIR.

Previously Git pulls over HTTPS would fail with:

  guix/git.scm:132:7: In procedure update-cached-checkout:
  Throw to key `git-error' with args `(#<<git-error> code: -17 message: "the SSL certificate is invalid" class: 16>)'.

* gnu/services/web.scm (hpcguix-web-shepherd-service): Pass
"SSL_CERT_DIR=/etc/ssl/certs".
* doc/guix.texi (Web Services): Mention certificates.

doc/guix.texi

@@ -16848,6 +16848,17 @@ A typical hpcguix-web service declaration looks like this:
                 (menu '(("/about" "ABOUT"))))))))
 @end example
 
+@quotation Note
+The hpcguix-web service periodically updates the package list it publishes by
+pulling channels from Git.  To that end, it needs to access X.509 certificates
+so that it can authenticate Git servers when communicating over HTTPS, and it
+assumes that @file{/etc/ssl/certs} contains those certificates.
+
+Thus, make sure to add @code{nss-certs} or another certificate package to the
+@code{packages} field of your configuration.  @ref{X.509 Certificates}, for
+more information on X.509 certificates.
+@end quotation
+
 @node Certificate Services
 @subsubsection Certificate Services
 

gnu/services/web.scm

@@ -967,7 +967,8 @@ a webserver.")
                  #:user "hpcguix-web"
                  #:group "hpcguix-web"
                  #:environment-variables
-                 (list "XDG_CACHE_HOME=/var/cache")))
+                 (list "XDG_CACHE_HOME=/var/cache"
+                       "SSL_CERT_DIR=/etc/ssl/certs")))
        (stop #~(make-kill-destructor))))))
 
 (define hpcguix-web-service-type