fix: use built-in root certs #649

Merged 6 commits, Jul 7, 2021

EverlastingBugstopper (Contributor) commented Jul 1, 2021

Fixes #645 by switching back to the `native-tls-vendored` SSL backend instead of `rustls`, since we want to support local CAs for certain requests.

This PR also includes changes from #650 that allow us to reuse the same instance of a `reqwest::blocking::Client` across the entire codebase.

@EverlastingBugstopper EverlastingBugstopper added the fix 🩹 fixes a bug label Jul 1, 2021
@EverlastingBugstopper EverlastingBugstopper added this to the July 6 milestone Jul 1, 2021
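
The backend switch named in the PR description comes down to which reqwest TLS feature is enabled, and each one takes its trust anchors from a different place. The following is an added illustration, a constructed `Cargo.toml` fragment and not rover's actual manifest; the version and the `blocking`/`json` features are assumptions.

```toml
# Constructed example, not taken from the rover repository.
# Exactly one [dependencies.reqwest] table may be active at a time.

# Before: rustls with the compiled-in webpki-roots bundle.
# The trust anchors are fixed at build time, so a corporate or local CA
# installed in the OS certificate store is never consulted and the
# handshake ends with a BadCertificate alert.
# [dependencies.reqwest]
# version = "0.11"
# default-features = false
# features = ["blocking", "json", "rustls-tls"]

# After: the backend named in the PR description.
# native-tls hands verification to the platform TLS library
# (SChannel on Windows, Security.framework on macOS, OpenSSL elsewhere),
# which checks the chain against the platform trust store.
# "vendored" builds and statically links OpenSSL where OpenSSL is used.
[dependencies.reqwest]
version = "0.11"
default-features = false
features = ["blocking", "json", "native-tls-vendored"]

# Alternative: keep rustls but load roots from the OS store at runtime
# instead of the bundled set.
# [dependencies.reqwest]
# version = "0.11"
# default-features = false
# features = ["blocking", "json", "rustls-tls-native-roots"]
```

With `default-features = false`, only the listed TLS feature is compiled in, so the binary cannot silently fall back to a different trust store.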
@justinabrahms commented:

Before:

```
jabrahms@L-PDX-11023803:/mnt/c/Users/jabrahms/build/fgql$ rover subgraph introspect --log warn https://hostnamehere/graphql
   WARN rustls::session: Sending fatal alert BadCertificate
    at /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.19.1/src/session.rs:798

error[E028]: Could not connect to https://hostnamehere/graphql.
              Make sure the endpoint is accepting connections and is spelled correctly
```

With this branch, `cargo install --git https://github.com/apollographql/rover --branch avery/fixup-native-roots` didn't work because I was on cargo v1.46.0:

```
error: failed to parse manifest at `/home/jabrahms/.cargo/git/checkouts/rover-efd9f422be37a06b/58d5599/Cargo.toml`

Caused by:
  feature `resolver` is required

  consider adding `cargo-features = ["resolver"]` to the manifest
```

Updated to 1.53.0 and got:

```
cargo install --git https://github.com/apollographql/rover --branch avery/fixup-native-roots
    Updating git repository `https://github.com/apollographql/rover`
error: multiple packages with binaries found: rover, xtask
```

The solution was to run:

```
cargo install --git https://github.com/apollographql/rover --branch avery/fixup-native-roots rover
```

Final result:

```
PS C:\Users\jabrahms> rover info
Rover Info:
Version: 0.1.7
Install Location: C:\Users\jabrahms\.cargo\bin\rover.exe
OS: Windows 10.0.19042 (Windows 10 Enterprise) [64-bit]
Shell: Unknown
PS C:\Users\jabrahms>  rover subgraph introspect --log warn https://hostnamehere//graphql
   WARN rustls::session: Sending fatal alert BadCertificate
    at C:\Users\jabrahms\.cargo\registry\src\github.com-1ecc6299db9ec823\rustls-0.19.1\src\session.rs:798

error[E028]: Could not connect to https://hostnamehere//graphql.
              Make sure the endpoint is accepting connections and is spelled correctly
```

But it is accessible via iwr:

```
PS C:\Users\jabrahms> iwr http://hostnamehere/graphql -Method 'POST' -ContentType 'application/json' -Body '{"query":"{ __schema{queryType {name}}}"}'


StatusCode        : 200
StatusDescription : OK
Content           : {"data":{"__schema":{"queryType":{"name":"Query"}}}}
RawContent        : HTTP/1.1 200 OK
                    rlogid: t6u%60njfqgbmquq%60%284*u%60njfqgbmquq%60%28%60bbqsuf%28rbpvbbu%3F%3Ckuvpbkhcsb%60hspse*1%2
                    8eitw2-17a658400e1-0x2351
                    x-envoy-upstream-service-time: 4
                    Content-Length: 52
                    Con...
Forms             : {}
Headers           : {[rlogid, t6u%60njfqgbmquq%60%284*u%60njfqgbmquq%60%28%60bbqsuf%28rbpvbbu%3F%3Ckuvpbkhcsb%60hspse*1
                    %28eitw2-17a658400e1-0x2351], [x-envoy-upstream-service-time, 4], [Content-Length, 52],
                    [Content-Type, application/json]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 52
```

Perhaps this has something to do with my cert store, because I seem to get similar issues from Python's httpie library:

```
PS C:\Users\jabrahms> C:\Users\jabrahms\AppData\Roaming\Python\Python39\Scripts\http  https://hostnamehere/graphql

http: error: SSLError: HTTPSConnectionPool(host='hostnamehere', port=443): Max retries exceeded with url: /graphql (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)'))) while doing a GET request to URL: https://hostnamehere/graphql
```

At a bit of a loss here. :-/

EverlastingBugstopper (Contributor, Author) commented Jul 2, 2021

OK @justinabrahms - I think it makes the most sense to just switch back to using the native-tls implementation since other folks are also reporting issues and that is quite likely the default for a reason!

Edit: I've pushed up the latest change, if you want to try again it'd be super helpful!

EverlastingBugstopper and others added 4 commits July 2, 2021 12:14
…li support (#650)

This change allows us to take advantage of reqwest's
ability to re-use connections. Their [docs](https://docs.rs/reqwest/0.11.4/reqwest/blocking/struct.Client.html)
explain that you should reuse a client by cloning it to take advantage of
its internal connection pool.
@EverlastingBugstopper EverlastingBugstopper merged commit f8145f3 into main Jul 7, 2021
@EverlastingBugstopper EverlastingBugstopper deleted the avery/fixup-native-roots branch July 7, 2021 18:56

Successfully merging this pull request may close these issues.

tool doesn't support OS level certificates