Hi, thanks for your post. This is a great idea and should absolutely be possible for me to implement in Indigo. Behind the scenes, Indigo relies on Mckert for its certificate generation, and mkcert does support wildcards. I've added this idea to my list.
Can I confirm your use-case? I'm guessing you want to have Indigo serve mysite.test and have something else serving something.mysite.test and something-else.mysite.test, and would just like a quick way to get SSL on the subdomain(s)?
Your 2) question is a little trickier unfortunately; Indigo recreates the required set of domain certs every time you start or stop a stack, so it's not certifying domains that it isn't serving (as part of Indigo's philosophy of not doing anything in your system when it's not running, but also for security and in case you want to test the domain uncertified or host it with another environment eg docker).
So yes, you can certainly create another SSL cert, but unfortunately since Indigo is using mkcert and mkcert cannot create two cert authorities, one of your easiest options for creating a cert is kind-of off-the-table. That said, it's certainly do-able without mkcert if you're comfortable on the command line. The following resources may be helpful:
As an alternative, if you do know the subdomains you'll need, you could just create a dummy site for each inside Indigo, and hardcode each site's ports to something out-of-the-way and simply never use the sites hosted there. This will have the side-effect of generating the SSL cert for those subdomains.