Allow for disabling server TLS certificate verification when making API calls #312

@maxrake

Description

Overview

Is your feature request related to a problem? Please describe.

This feature request came out of the Phylum Discord. The suggestion was due to a self-hosted GitLab instance that was refusing internal API requests from the runners where the phylum-ci GitLab CI integration was running:

SSLError: HTTPSConnectionPool(host='', port=): Max retries exceeded with url: /api/v4/projects/170/merge_requests/3/notes (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

The assumption is that the self-hosted GitLab instance is using self-signed certificates and the runner where the phylum-ci image is executed is not able to verify those certificates. Bypassing the verification in this situation would allow for notes to continue to be read and written to the merge request.

Describe the solution you'd like

Provide an ability to bypass server TLS certificate verification in the CI integrations. This should be specifically for connections to internal, self-hosted CI instances (e.g., GitLab EE) and not for all connections (e.g., to Phylum).

Describe alternatives you've considered

None at this time.

Additional context

This may be better implemented with a custom environment variable and not with a new CLI flag. That way, it won't show up in the help output and its use will have to be more intentional, since bypassing security checks is not something to be done without understanding the consequences. If so, advertise the existence of this feature in documentation.

Acceptance criteria

  • API calls to servers with self-signed certificates are allowed when the environment variable is set
  • Documentation is updated
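The scoping the request asks for (verification can be switched off for the internal CI server only, never for Phylum or any other host) as an added example; this is not code from the issue or from the phylum-ci project. It assumes `requests` as the HTTP client (inferred from the `HTTPSConnectionPool` traceback above, not stated on the page), and the variable names `PHYLUM_CI_INSECURE_CI_TLS` and `PHYLUM_CI_CI_CA_BUNDLE` and the host names are made up for illustration. It also carries the caveat a reviewer would raise: pointing `verify` at the internal CA bundle keeps verification on and should be tried first, and the disable switch fails closed unless it is set to an explicit truthy value.

```python
"""Opt-in, host-scoped TLS verification override for a CI integration (added example)."""
import logging
import os
from pathlib import Path
from urllib.parse import urlparse

log = logging.getLogger(__name__)

# Assumed (hypothetical) variable names; neither is a documented phylum-ci setting.
DISABLE_VAR = "PHYLUM_CI_INSECURE_CI_TLS"   # explicit opt-out of verification
CA_BUNDLE_VAR = "PHYLUM_CI_CI_CA_BUNDLE"    # preferred fix: trust the internal root CA

TRUTHY = {"1", "true", "yes", "on"}


def ci_server_verify(env=None):
    """Return the `verify` value to pass to `requests` for calls to the CI server.

    Resolution order:
      1. A CA bundle path, if given: verification stays on, using the internal root.
      2. False, only if the disable variable is set to an explicit truthy value.
      3. True otherwise (unset, empty, "0", typos all keep verification on).
    """
    env = os.environ if env is None else env
    bundle = env.get(CA_BUNDLE_VAR, "").strip()
    if bundle:
        path = Path(bundle)
        if not path.is_file():
            # Fail closed with a clear error instead of silently verifying against nothing.
            raise FileNotFoundError(f"{CA_BUNDLE_VAR} points at a missing file: {bundle}")
        return str(path)
    if env.get(DISABLE_VAR, "").strip().lower() in TRUTHY:
        log.warning("%s is set: TLS certificate verification is DISABLED for the CI server", DISABLE_VAR)
        return False
    return True


def verify_for(url, ci_base_url, env=None):
    """Pick the `verify` value for a request to `url`.

    The override applies only when scheme, host and port match the CI server's base URL;
    every other destination (the Phylum API included) always gets full verification.
    """
    target, ci = urlparse(url), urlparse(ci_base_url)
    same_server = (target.scheme, target.hostname, target.port) == (ci.scheme, ci.hostname, ci.port)
    if not same_server:
        return True
    return ci_server_verify(env)


if __name__ == "__main__":
    # Usage sketch; CI_SERVER_URL is GitLab's predefined variable for the instance URL.
    import requests  # third-party; only needed for the real calls
    ci = os.environ.get("CI_SERVER_URL", "https://gitlab.internal.example")
    url = f"{ci}/api/v4/version"
    resp = requests.Session().get(url, verify=verify_for(url, ci), timeout=30)
    print(resp.status_code)
```

Because the decision is made per request from the target URL rather than by flipping a process-wide default, a misconfigured or malicious `CI_SERVER_URL` cannot widen the opt-out to other hosts, and the bundle path is checked up front so a typo produces an error rather than an unverified connection.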

Labels

enhancement, medium priority, needs triage