pubkey_os_cacerts:get() fails when no CA certs are installed #7321

Closed
mkuratczyk opened this issue May 29, 2023 · 2 comments
Labels
bug Issue is reported as a bug

Comments

@mkuratczyk (Contributor)

Describe the bug
pubkey_os_cacerts:get() fails with a badmatch if there are no CA certs installed on the operating system level (which may happen, especially in containerized environments).

To Reproduce

> docker run -it 'pivotalrabbitmq/rabbitmq@sha256:5a985edba20e138cb3a4b86781a95b36859a607d4a62643ca755f622527fae52' erl
Erlang/OTP 26 [erts-14.0] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [jit:ns]

Eshell V14.0 (press Ctrl+G to abort, type help(). for help)
1> pubkey_os_cacerts:get().
** exception error: no match of right hand side value {error,enoent}
     in function  pubkey_os_cacerts:get/0 (pubkey_os_cacerts.erl, line 38)

Expected behavior
I'd expect the function to return an empty list. It'd likely mean that, given no CA certs were found, the request will later fail with a peer verification failure, but that feels like the correct API to handle such situations.

Affected versions
Verified on OTP 25.3 and OTP 26.

@mkuratczyk mkuratczyk added the bug Issue is reported as a bug label May 29, 2023
@dgud (Contributor)

dgud commented May 29, 2023

This is documented behavior, see #7295.

@dgud dgud closed this as completed May 29, 2023
@dgud (Contributor)

dgud commented May 29, 2023

Also see PR #7302 which will improve the error message, to show that this is intended error for those that have not read the docs.

We discussed making it return an empty list, but that would give the user an error that is harder to debug.
It is harder to figure out that public_key quietly returned an empty list of CaCerts because the OS was "badly" configured or not supported, when for example the httpc call fails with a "could not verify peer" error.
So in my opinion it is better to signal the error directly.
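Since the maintainers kept the loud failure, application code that must run in minimal containers has to catch it itself and decide what to do. The module below is an added example, not code from OTP or from RabbitMQ: it calls `public_key:cacerts_get/0` (the documented wrapper around `pubkey_os_cacerts:get/0`), catches the error raised when no OS store is found (on OTP 26.0 that is the `badmatch` on `{error,enoent}` shown in the report), and falls back to a CA bundle shipped with the application via `public_key:cacerts_load/1`. The module name, the fallback file path and the `Host` argument are assumptions. If neither source yields certificates it raises rather than silently continuing, so the process never ends up with an empty trust store or a `verify_none` connection.

```erlang
%% cacerts_fallback.erl -- added example, not OTP or RabbitMQ code.
-module(cacerts_fallback).
-export([get_cacerts/1, ssl_opts/2]).

%% Returns {ok, CaCerts} using the OS trust store when it exists, otherwise
%% a CA bundle shipped with the application (FallbackFile is an assumption:
%% point it at a PEM file you control, e.g. "/etc/myapp/cacerts.pem").
%% Returns {error, Reason} only when both sources are unusable.
get_cacerts(FallbackFile) ->
    try
        %% OTP 25/26: public_key:cacerts_get/0 calls pubkey_os_cacerts:get/0,
        %% which raises (badmatch on {error,enoent} in 26.0) when the OS has
        %% no CA store. A successful call returns a non-empty list of certs.
        {ok, public_key:cacerts_get()}
    catch
        error:Reason ->
            logger:warning("OS CA store unusable (~p), loading ~s",
                           [Reason, FallbackFile]),
            %% cacerts_load/1 parses the PEM bundle and installs it as the
            %% process-wide CA set, after which cacerts_get/0 succeeds.
            case public_key:cacerts_load(FallbackFile) of
                ok ->
                    {ok, public_key:cacerts_get()};
                {error, LoadErr} ->
                    {error, {no_cacerts, {os, Reason}, {file, LoadErr}}}
            end
    end.

%% ssl options for a client connection to Host (a hostname string).
%% Peer verification stays on; if no CA certs could be found anywhere the
%% caller gets an exception instead of a connection that cannot verify.
ssl_opts(Host, FallbackFile) ->
    case get_cacerts(FallbackFile) of
        {ok, CaCerts} ->
            [{verify, verify_peer},
             {cacerts, CaCerts},
             {server_name_indication, Host},
             {customize_hostname_check,
              [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]}];
        {error, _} = Err ->
            error(Err)
    end.

%% Usage (assumed host and path):
%%   {ok, S} = ssl:connect("example.com", 443,
%%                         cacerts_fallback:ssl_opts("example.com",
%%                                                   "/etc/myapp/cacerts.pem")).
```

Catching `error:_` broadly is deliberate: the exact term raised changes between releases (the report shows a `badmatch`; later releases give a more descriptive error), and in every case the correct reaction is the same, try the bundled file and fail loudly if that is missing too. Keep the fallback bundle updated with the same discipline as the OS package, since it is now part of the trust decision for every outbound TLS connection.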
