feat: Add support for using the OS trust store in SSL verification #4151

Open
millsks wants to merge 4 commits into mamba-org:main from millsks:main

millsks commented Jan 26, 2026

Description

This pull request adds support for using the operating system trust store for SSL certificate verification via a new truststore option for the ssl_verify configuration. It updates the configuration logic, command-line interface, and download handling to recognize and correctly process the truststore setting. Comprehensive tests are added to ensure the new behavior works as intended.

Support for OS trust store in SSL verification:

  • Added truststore as a valid value for the ssl_verify configuration, allowing users to specify the use of the OS trust store for SSL certificate verification. The value is normalized internally as <truststore>.
  • Updated the command-line interface to document and accept 'truststore' as an option for --ssl-verify.

Download logic enhancements:

  • Modified the download logic in curl.cpp and downloader.cpp to handle the <truststore> value, ensuring that the appropriate system trust store is used during HTTPS requests.

Testing improvements:

  • Added comprehensive tests to verify the correct behavior of the truststore option, including its precedence rules and interaction with other configuration options and environment variables.

Related Issue

Resolves #2857

Type of Change

  • Bugfix
  • Feature / enhancement
  • CI / Documentation
  • Maintenance

Checklist

  • My code follows the general style and conventions of the codebase, ensuring consistency
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have run pre-commit run --all locally in the source folder and confirmed that there are no linter errors.
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing tests pass locally with my changes

github-actions bot added the release::enhancements (For enhancements PRs or implementing features) label Jan 26, 2026

millsks commented Jan 26, 2026

@jjerphan ready for review.

codecov bot commented Jan 26, 2026

Codecov Report

❌ Patch coverage is 60.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 51.14%. Comparing base (b98c281) to head (420d8b8).

Files with missing lines Patch % Lines
libmamba/src/download/curl.cpp 25.00% 3 Missing ⚠️
micromamba/src/common_options.cpp 0.00% 1 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4151   +/-   ##
=======================================
  Coverage   51.13%   51.14%           
=======================================
  Files         236      236           
  Lines       27645    27652    +7     
  Branches     2832     2833    +1     
=======================================
+ Hits        14137    14143    +6     
- Misses      13505    13506    +1     
  Partials        3        3           

Klaim requested a review from JohanMabille February 3, 2026 10:21

Klaim (Member) left a comment

LGTM but I would like another team member review too before merging

Comment on lines +86 to +87
else if (remote_fetch_params.ssl_verify == "<system>"
|| remote_fetch_params.ssl_verify == "<truststore>")
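
Review bot: The `<truststore>` sentinel is compared here as a raw string literal next to `<system>`, so on this path the two values are indistinguishable. If `<truststore>` is meant to be an alias of `<system>`, say so in a comment at this condition; if the two are expected to diverge later, a named predicate or shared constants for both sentinels would keep this check in step with the other places that test `ssl_verify` against the same strings.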

Please document why <truststore> takes this code-path.

Comment on lines 88 to +104
#ifdef LIBMAMBA_STATIC_DEPS
curl_easy_setopt(handle, CURLOPT_CAINFO, nullptr);
if (proxy)
{
curl_easy_setopt(handle, CURLOPT_PROXY_CAINFO, nullptr);
}
#endif
}
else if (ssl_verify == "<truststore>")
{
// Use OS trust store (Schannel on Windows, system certs on Unix)
#ifdef LIBMAMBA_STATIC_DEPS
curl_easy_setopt(handle, CURLOPT_CAINFO, nullptr);
if (proxy)
{
curl_easy_setopt(handle, CURLOPT_PROXY_CAINFO, nullptr);
}
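
Review bot: The `else if (ssl_verify == "<truststore>")` branch repeats the preceding branch's `#ifdef LIBMAMBA_STATIC_DEPS` body line for line, and in the lines shown it sets nothing outside that guard, so the only visible effect is clearing `CURLOPT_CAINFO` and `CURLOPT_PROXY_CAINFO` in static builds. Clearing the bundle path removes the explicit CA file but does not by itself ask libcurl for the OS store; which store is consulted afterwards depends on the TLS backend and build defaults. Suggest folding both branches into one condition or helper, and extending the `// Use OS trust store ...` comment to state what makes the fallback land on the OS store for each backend. If an explicit request is wanted, libcurl's `CURLSSLOPT_NATIVE_CA` (set through `CURLOPT_SSL_OPTIONS`) exists for that purpose and is worth considering here.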

Nit: This could be factorized and comments could be added.

Development

Successfully merging this pull request may close these issues.

Support ssl_verify: 'truststore'
