[RHOAIENG-47402] fix: remove insecure TLS default in IAP sample

[jlost]

What this PR does / why we need it:

Cherry-pick of kserve#5131

The GCP IAP sample hardcoded verify=False on all requests, disabling TLS certificate verification (CWE-295). This is the only sample in the repository that did so, and since it's the only sample making requests over the public internet (via IAP), it's also the one where TLS verification matters most.

This PR defaults to secure TLS verification (verify=True) and adds two opt-in flags:

• --ca-cert for self-signed or internal CA certificates
• --insecure to explicitly disable verification (with a warning)

Feature/Issue validation/testing:

• Verified no other samples use verify=False
• Verified production code (kserve_storage.py, inference_client.py) already follows this pattern

Checklist:

• Have you added unit/e2e tests that prove your fix is effective or that this feature works?
• Has code been commented, particularly in hard-to-understand areas?
• Have you made corresponding changes to the documentation?

Release note:

NONE

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jlost
Once this PR has been reviewed and has the lgtm label, please assign hdefazio for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[red-hat-konflux]

/group-test

[red-hat-konflux]

/group-test