Handle optional TLS validation for external source fetching

[mattrobenolt]

Originally brought up here: #4016

We should surface a new setting to require TLS validation when fetching external files. This option would be enabled by default (security first) with an option to disable. We need to make sure we then are able to surface this exact error inside the UI correct so a user can make the decision to disable on their own. To clarify, we shouldn't just blindly say, "Failed to fetch file.", we should strictly say, "Unable to validate TLS certificate when fetching file." or something akin to that.

[graingert]

There's no such thing as a TLS certificate. Maybe the following text would be better:

”Unable to connect via TLS (HTTPS), x509 certificate invalid because:”

[mattrobenolt]

Sorry, I'm bad with words. 😛

[graingert]

It would be nice to have a field for a custom PEM, or support TOFU.

[graingert]

To try and minimise the number of users with validation disabled.

[mattrobenolt]

I don't think as a product we should go that far. We support users uploading sources into Sentry, and we'd rather encourage doing that.

[graingert]

@mattrobenolt here's the first part of it, default to false. requests logs validation errors, so it should be easy enough to debug if anyone enables it.