[FAB-8226] Include consortia TLS CAs

The orderer updateTrustRoots currently ignores organizations defined in
consortia for the orderer system channel.  This CR simply includes them
in the update path.

Change-Id: I56c590248a4a6e71db1ae32e9f95e44066bea5f9
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

Author: Jason Yellick

orderer/common/server/main.go

@@ -282,6 +282,15 @@ func updateTrustedRoots(srv comm.GRPCServer, rootCASupport *comm.CASupport,
 		}
 	}
 
+	if cc, ok := cm.ConsortiumsConfig(); ok {
+		for _, consortium := range cc.Consortiums() {
+			//loop through consortium orgs and build map of MSPIDs
+			for _, consortiumOrg := range consortium.Organizations() {
+				appOrgMSPs[consortiumOrg.MSPID()] = struct{}{}
+			}
+		}
+	}
+
 	cid := cm.ConfigtxValidator().ChainID()
 	logger.Debugf("updating root CAs for channel [%s]", cid)
 	msps, err := cm.MSPManager().GetMSPs()