Add custom CA bundle support for downloads

[kwatanabe68]

Summary

• Load additional CA certificates into the reqwest::ClientBuilder from SSL_CERT_FILE or common CA bundle locations so that verylup setup succeeds in environments that require a custom root CA.

Testing

• cargo check
• verylup setup (WSL2 / Arch Linux behind the proxy)
• ⚠︎ Not tested on Windows

Concern

• Right now this relies on setting the CA path through the SSL_CERT_FILE environment variable. Since verylup already has its own config file, would it make sense to allow specifying the CA certificate path there instead?

Fixes #234

[dalance]

I investigated the ecosystem around cert.
rustls_platform_verifier seems to be most mature, and it is used by rustup too.

reqwest doesn't support it directly yet ( seanmonstar/reqwest#2159 )
So rustup seems to use reqwest with rustls-tls-manual-roots-no-provider feature and set rustls_platform_verifier manually.

rust-lang/rustup#3903

How about using this scheme?

[kwatanabe68]

Thank you for your suggestions and information!

As you mentioned, since reqwest doesn’t currently support this directly, replacing the verifier on the application side is a valid approach.
If reqwest officially supports rustls_platform_verifier in the future, I think it would be best to use that functionality and refactor/remove the custom workaround in the application.

For now, I’ll adopt the same approach as rustup, and will consider migrating as reqwest progresses.
Please let me know if there’s anything else I should consider.

[kwatanabe68]

Verified on my environment:

• Linux (x86_64-unknown-linux-gnu): verylup setup / install / update
• Windows (x86_64-pc-windows-gnu): verylup setup / install / update

[dalance]

Thank you for your contribution!
I'll merge this PR, and release the next version.