Add application/x-x509-ca-cert to expected API content types

[ssthom]

fixes: #8231

application/x-x509-ca-cert is the default response from our Spring-Boot application when there is an error like 404 and it was trying to get a cert file that doesn't exist: https://example.com/key.pem

But it is a valid response type when looking at https://www.iana.org/assignments/media-types/application/x-x509-ca-cert and https://datatracker.ietf.org/doc/html/rfc5280

4.2.1.1. CA Certificate Response Message Format
If the CA does not have any intermediate CA certificates, the response consists of a single X.509 CA certificate. The response will have a Content-Type of "application/x-x509-ca-cert".
"Content-Type: application/x-x509-ca-cert"

[kingthorin]

I don't think we should add this. A certificate response is unexpected, perhaps you requested one in the first place but the response shouldn't lie about what's actually going on (if a cert was requested and not found then the server isn't sending a cert back).

If this is causing a FP for you I believe it should be handled via Alert Filters.