feat(forge): add flag to disable HTTPS certificate validation for RPC

[mirokuratczyk]

Component

Forge

Describe the feature you would like

#10855, but for forge.

Currently, it is not possible to deploy contracts with forge script against an RPC endpoint or via an HTTP proxy that serves an untrusted certificate (e.g., self-signed, development, untrusted root CA, etc.).

I made an example change that will follow the foundry eth_rpc_accept_invalid_certs configuration across all requests mirokuratczyk@80db4b0. But, I imagine that's antithetical to how that should be done in the project and an implementation like what was done for cast would be preferable #10869.

I'm new to the project/rust and was having trouble threading insecure across forge script and the forked environment requests to make a proper implementation and thought it would be better to seek guidance first.

Additional context

No response

[mablr]

I think we don't need to modify RuntimeTransport impl, or create a new config key.

Adding new -k/--insecure arg to EvmArgs with a "rename" is ok, like for :

foundry/crates/cli/src/opts/evm.rs

Lines 46 to 48 in bd0e4a7

	#[arg(long, short, visible_alias = "rpc-url", value_name = "URL")]
	#[serde(rename = "eth_rpc_url", skip_serializing_if = "Option::is_none")]
	pub fork_url: Option<String>,

straightforward actually 👍 . You might want to try to make a PR ?

It also brings back this older discussion about deduplicating args in EvmArgs&&RpcOpts: #9303 (comment)

[mirokuratczyk]

@mablr thanks for taking the time to respond to this issue.

I created a draft PR, but as you'll see there were many touch points to thread the new arg through #11960.

I'm pretty sure that also won't follow the value of eth_rpc_accept_invalid_certs in the target foundry profile in foundry.toml, but figured might be enough to get the ball rolling.

edit: it does get forge script --insecure/-k working for me testing against a self-signed cert.

[mablr]

@mirokuratczyk Your welcome!

I made a quick review, it works, but I think the refactor I mentioned is actually needed before continuing.