Add support for user-managed SSL certificate verification

[tdstein]

By default, the requests package reads CA_BUNDLE information from the REQUESTS_CA_BUNDLE env var and falls-back to CURL_CA_BUNDLE. If neither of these are set properly, the request will result in an SSLError.

The requests package provides support for configuring server-side and client-side certificate locations. See https://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

Add support to the connect.Client to accept these properties and pass them to the requests.Session instance.

Additionally, there may be an opportunity to default the verify property to a specific location when it is known that the client is running within Connect. Further research is needed.

[dbkegley]

nit: I think requests falls back to certifi.where() if neither of those environment vars are set.

https://docs.python-requests.org/en/latest/user/advanced/#ca-certificates
https://github.com/psf/requests/blob/2d5f54779ad174035c5437b3b3c1146b0eaf60fe/src/requests/utils.py#L63

[NicolaiLolansen]

The rsconnect package has a flag --insecure

TLS Support and Posit Connect
Usually, a Posit Connect server will be set up to be accessed in a secure manner, using the https protocol rather than simple http. If Posit Connect is set up with a self-signed certificate, you will need to include the --insecure flag on all commands. If Posit Connect is set up to require a client-side certificate chain, you will need to include the --cacert option that points to your certificate authority (CA) trusted certificates file. Both of these options can be saved along with the URL and API Key for a server.

https://pypi.org/project/rsconnect-python/

I think it would make sense to reflect the same behavior for this package.