Support self-signed certificates in CURLStreamFile

[spmkone]

The current construction of the curl command in CURLStreamFile does not allow for self-signed https downloads from s3 buckets.

Why

Buckets created in local NAS (like QNAP/QuObjects) or local workflows built around minio containers take self-signed certificates for https endpoints. Using tensorizer natively in these environments is pretty useful for dev iterations and workflows before actually deploying.

Solution

A possible solution is that curl allows for bypassing the check all together with the -k flag (reference). Of course, it may also be possible to provide the cert to the curl call as an alternative. However, for these onprem workflows it may be ok to go with the insecure curl call.

Possible Implementation

Propagate a allow_insecure boolean flag through open_stream to CURLStreamFile which adds the -k flag to the curl command.

def open_stream(
    ...,
    allow_insecure: bool = False,
) 

class CURLStreamFile:
    def __init__(
        allow_insecure: bool = False
        *,
    ):

    # Individual flag or self._additional_curl_flags list
    # which could be used in _reproduce_and_capture_error()
    kflag = "-k" if allow_insecure else "" 

    cmd = [
            curl_path,
            ...
            kflag,
            uri,
        ]

I can put up a PR for this, if ok.

[wbrown]

@spmkone 👍 We'll happily accept a PR for this.