ensure preshipped certificate and provider.json is used in custom builds

• currently the normal TOFU model is used for custom builds:
• in the first step of the provider setup the app fetches the provider.json and the self-sigend certificate from the public api trusting a commercially signed CA cert
• after the initial step the app communicates with the private api

instead the custom clients should try to use the preshipped self-signed certificate for the initial provider communication