Set verify_SSL=>1 by default for HTTP::Tiny in Plack::LWPish

[stigtsp]

HTTP::Tiny doesn't verify TLS/SSL certificates by default. This PR sets that flag for the default user agent so HTTPS certificates are verified like LWP does.

Current (insecure) Plack::LWPish behaviour:

$ perl -Ilib -MPlack::LWPish -MHTTP::Request -E 'say Plack::LWPish->new->request(HTTP::Request->new("GET","https://self-signed.badssl.com"))->content'
<!DOCTYPE html>
[..]

Compared to LWP:

$ perl -MLWP::UserAgent -E 'say LWP::UserAgent->new->request(HTTP::Request->new("GET","https://self-signed.badssl.com"))->content'                                                                                                    
Can't connect to self-signed.badssl.com:443 (certificate verify failed)

With this fix applied, certificates are checked and the request fails:

$ perl -Ilib -MPlack::LWPish -MHTTP::Request -E 'say Plack::LWPish->new->request(HTTP::Request->new("GET","https://self-signed.badssl.com"))->content'
SSL connection failed for self-signed.badssl.com: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Discussions in Debian that motivated this:

• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407

[stigtsp]

On second thoughts; Plack::LWPish doesn't seem to have any usage in other CPAN modules, so don't know how important this PR is in practice...

[miyagawa]

Plack::LWPish doesn't seem to have any usage in other CPAN modules

Yeah, to be honest I forgot about the existence of this module and definitely have never used it myself :)