fix: prevent race condition in CA ID generation during tests

IAppConfig uses per-process cache, causing race conditions when CLI
commands and HTTP requests execute simultaneously during Behat tests.
The CLI generates a ca_id, but HTTP requests see an empty cache and
generate a different ca_id, overwriting the CLI value.

Solution:
- Detect debug mode (automatically set during Behat tests)
- Apply file lock + cache clear workaround only in debug mode
- Production code remains unchanged for optimal performance

This fix resolves test failures in features/sign/request.feature:28
and features/sign/request.feature:61 where setup validation was
failing due to mismatched certificate paths.

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Author: vitormattos

lib/Handler/CertificateEngine/AEngineHandler.php

@@ -143,11 +143,49 @@ public function readCertificate(string $certificate, string $privateKey): array
 	public function getCaId(): string {
 		$caId = $this->caIdentifierService->getCaId();
 		if (empty($caId)) {
-			$caId = $this->caIdentifierService->generateCaId($this->getName());
+			// In debug mode (tests), use file lock and cache clear to prevent race conditions
+			// between CLI commands and HTTP requests executing simultaneously.
+			// In production, this is not needed as setup commands run before HTTP requests.
+			if ($this->config->getSystemValueBool('debug', false)) {
+				$caId = $this->getCaIdWithLock();
+			} else {
+				$caId = $this->caIdentifierService->generateCaId($this->getName());
+			}
 		}
 		return $caId;
 	}
 
+	private function getCaIdWithLock(): string {
+		$lockFilePath = $this->tempManager->getTempBaseDir() . '/libresign_ca_id.lock';
+		$lockFile = fopen($lockFilePath, 'c+');
+		if ($lockFile === false) {
+			throw new \RuntimeException('Failed to open lock file');
+		}
+		
+		try {
+			// Acquire exclusive lock (blocks until available)
+			if (!flock($lockFile, LOCK_EX)) {
+				throw new \RuntimeException('Failed to acquire lock');
+			}
+
+			// Clear IAppConfig cache and reload from database
+			// This is critical because IAppConfig cache is per-process
+			$this->appConfig->clearCache(true);
+
+			// Check again after cache refresh - another process might have created it
+			$caId = $this->caIdentifierService->getCaId();
+			if (empty($caId)) {
+				$caId = $this->caIdentifierService->generateCaId($this->getName());
+			}
+			
+			return $caId;
+		} finally {
+			// Release lock and close file
+			flock($lockFile, LOCK_UN);
+			fclose($lockFile);
+		}
+	}
+
 	#[\Override]
 	public function parseCertificate(string $certificate): array {
 		return $this->parseX509($certificate);