docs: document SYSDIG_MCP_API_SKIP_TLS_VERIFICATION env var

Author: tembleking

README.md

@@ -201,6 +201,7 @@ The following environment variables are **required** for configuring the Sysdig
 You can also set the following variables to override the default configuration:
 
 - `SYSDIG_MCP_TRANSPORT`: The transport protocol for the MCP Server (`stdio`, `streamable-http`, `sse`). Defaults to: `stdio`.
+- `SYSDIG_MCP_API_SKIP_TLS_VERIFICATION`: Whether to skip TLS verification for the Sysdig API connection (useful for self-signed certificates). Defaults to: `false`.
 - `SYSDIG_MCP_MOUNT_PATH`:  The URL prefix for the streamable-http/sse deployment. Defaults to: `/sysdig-mcp-server`
 - `SYSDIG_MCP_LOGLEVEL`: Log Level of the application (`DEBUG`, `INFO`, `WARNING`, `ERROR`). Defaults to: `INFO`
 - `SYSDIG_MCP_LISTENING_PORT`: The port for the server when it is deployed using remote protocols (`streamable-http`, `sse`). Defaults to: `8080`

docs/TROUBLESHOOTING.md

@@ -6,6 +6,9 @@
 **Problem**: "unable to authenticate with any method"
 - **Solution**: For `stdio`, verify `SYSDIG_MCP_API_HOST` and `SYSDIG_MCP_API_TOKEN` env vars are set correctly. For remote transports, check `Authorization: Bearer <token>` header format.
 
+**Problem**: Connection failing with "certificate signed by unknown authority"
+- **Solution**: If using a self-signed certificate (e.g. on-prem), set `SYSDIG_MCP_API_SKIP_TLS_VERIFICATION=true`.
+
 **Problem**: Tests failing with "command not found"
 - **Solution**: Enter Nix shell with `nix develop` or `direnv allow`. All dev tools are provided by the flake.