Serves the *.local.eca.dev TLS certificate that ECA's remote
web-control server uses for HTTPS. Auto-renewed from
editor-code-assistant/eca-tls.
The private key is intentionally public: *.local.eca.dev only
resolves to private LAN IPs (via sslip.io), so this enables valid HTTPS to
a private address without per-user setup.
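
A client-side guard for this scheme, as an added example (not ECA's own code): it accepts a *.local.eca.dev name only when the address encoded in the name is a private one. It assumes the sslip.io dashed form (`192-168-1-10.local.eca.dev`) with the whole first label being the IPv4 address, and reads "private LAN IPs" as the RFC 1918 ranges; the function names are hypothetical.

```python
import ipaddress

ZONE = ".local.eca.dev"  # zone named on the page
# Assumption: "private LAN IPs" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embedded_ip(hostname):
    """Return the IPv4 address encoded in the first label, or None."""
    host = hostname.rstrip(".").lower()
    if not host.endswith(ZONE):
        return None
    label = host[: -len(ZONE)]
    # A wildcard certificate matches exactly one label, so reject nested names.
    if not label or "." in label:
        return None
    parts = label.split("-")
    if len(parts) != 4:
        return None
    for p in parts:
        # Plain decimal octets only: no empty parts, signs or leading zeros.
        if not (p.isascii() and p.isdigit()) or str(int(p)) != p:
            return None
    try:
        return ipaddress.IPv4Address(".".join(parts))
    except ValueError:  # octet out of range
        return None


def is_lan_name(hostname):
    """True only if the name is in the zone and encodes an RFC 1918 address."""
    ip = embedded_ip(hostname)
    return ip is not None and any(ip in net for net in RFC1918)


if __name__ == "__main__":
    # Constructed sample names, not taken from the page.
    for name in ("192-168-1-10.local.eca.dev",
                 "8-8-8-8.local.eca.dev",
                 "192-168-1-10.local.eca.dev.example.com"):
        print(name, is_lan_name(name))
```

Because the private key is public, the certificate alone does not show which host is answering, so this check only establishes that the name points inside a private range.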