fix: Respect system certificates

[AiyionPrime]

in order to use nix-index behind proxies, which impose a certain certificate on the traffic.

this resolves #288

[AiyionPrime]

@RaitoBezarius or @bennofs might one of you take a look at the suggestion in the PR in the next weeks?

[AiyionPrime]

@RaitoBezarius is there something I could do to get this reviewed?

[AiyionPrime]

Or @bennofs or @figsoda for that matter?

[figsoda]

looks like this feature is removed in 0.13, what is the alternative in 0.13?

[AiyionPrime]

The last sentence in the commit message that introduced the change gives a hint:

This greatly simplifies the configuration matrix of what could be enabled, but
also means the removal of some parts that some people may have been using. The
consolidated API should still allow users to do these things.

For example, instead of adding webpki-roots with a feature flag, you should use
the webpki-roots crate yourself, and pass them into tls_certs_only(certs).

Originally posted by @seanmonstar in seanmonstar/reqwest@a59cdeb

So I assume we could do something similar with rustls-tls-native-roots and rustls-native-certs; and maybe even rustls-platform-verifier is applicable.

But I haven't used either, yet.

[AiyionPrime]

... a conclusion I apparently reached at last year, too :D

This might be a favorable solution in order to stick with rustls instead of the system native resolver.

https://github.com/rustls/rustls-platform-verifier

edit implemented least invasively in #289.