caddypki,caddytls: fix data races in CA accessors and TLS storage cleanup

[jeffkayser2]

…anup

Fix two data races detected when running with -race flag:

1. caddypki/ca.go: The CA accessor methods (RootCertificate, IntermediateCertificate, IntermediateKey, RootKey) used value receivers which copy the struct before the mutex lock is acquired. This allows concurrent goroutines to read stale copies of the CA fields while renewCertsForCA() is writing to them.

   Changed to pointer receivers so the lock is acquired on the original struct before any field access occurs.

2. caddytls/tls.go: The keepStorageClean() method writes to storageCleanTicker and storageCleanStop without synchronization, racing with Stop() and CaddyModule() which may read these fields concurrently.

   Added storageCleanMu mutex to protect these fields in both keepStorageClean() and Stop().

Race detector output before fix:

WARNING: DATA RACE
Write at 0x00c000a5ca90 by main goroutine:
github.com/caddyserver/caddy/v2/modules/caddypki.(*PKI).renewCertsForCA()
modules/caddypki/maintain.go:89
Previous read at 0x00c000a5ca90 by goroutine 176:
github.com/caddyserver/caddy/v2/modules/caddypki.(*CA).NewAuthority()
modules/caddypki/ca.go:199

WARNING: DATA RACE
Write at 0x00c000a5cc28 by main goroutine:
github.com/caddyserver/caddy/v2/modules/caddytls.(*TLS).keepStorageClean()
modules/caddytls/tls.go:789
Previous read at 0x00c000a5cc28 by goroutine 170:
github.com/caddyserver/caddy/v2/modules/caddytls.(*TLS).CaddyModule()

Related: #4517, #4669

Assistance Disclosure

I used Claude Code v2.0.55 Opus 4.5 - Claude Max, to fix the data race, and build the files to send to github.com

This PR is missing an assistance disclosure.

[CLAassistant]

All committers have signed the CLA.

[mholt]

Thanks! Although, the base commit seems to be old. Would you mind fixing the merge conflict?