feat: use webpki as rustls roots on non-desktop platforms (#1402)

* feat: use webpki as rustls roots on non-desktop platforms

Silently switch over to using `rustls-webpki` when building for
target_os that is not Windows/Linux/Mac because `rustls-native-certs`
doesn't support them.

Ideally we should use `rustls-platform-verifier` as it's now the
recommended crate even on `rustls-native-certs` repository, since it
chooses the right implementation for the platform. But currently it
doesn't seem like `hyper-proxy2` or `tokio-tungstenite` doesn't support
them yet.

* Fix "no native root CA certificates found" (#1399)

core/src/http_client.rs

@@ -145,12 +145,16 @@ impl HttpClient {
 
     fn try_create_hyper_client(proxy_url: Option<&Url>) -> Result<HyperClient, Error> {
         // configuring TLS is expensive and should be done once per process
-        let https_connector = HttpsConnectorBuilder::new()
-            .with_native_roots()?
-            .https_or_http()
-            .enable_http1()
-            .enable_http2()
-            .build();
+
+        // On supported platforms, use native roots
+        #[cfg(any(target_os = "windows", target_os = "macos", target_os = "linux"))]
+        let tls = HttpsConnectorBuilder::new().with_native_roots()?;
+
+        // Otherwise, use webpki roots
+        #[cfg(not(any(target_os = "windows", target_os = "macos", target_os = "linux")))]
+        let tls = HttpsConnectorBuilder::new().with_webpki_roots();
+
+        let https_connector = tls.https_or_http().enable_http1().enable_http2().build();
 
         // When not using a proxy a dummy proxy is configured that will not intercept any traffic.
         // This prevents needing to carry the Client Connector generics through the whole project