In its postinst script, the ssl-cert package generates a snakeoil
self-signed certificate that is made available so applications can work
with example configuration files out-of-the-box. In Docker images, this
implies that the key becomes public for all the users with access to the
image and that they all get the same key.
This patch removes the certificate and re-generates it in the entrypoint
of the image.
Set the maximum number of file descriptors through squid's configuration
to mimic the behavior of the Ubuntu squid systemd service, which uses
the system-wide default soft limit set by systemd.
A detailed discussion on the issue is available at LP: #1978272.