Remove webpki crate - resolves #2183

[Bravo555]

Proposed changes

Our dependencies were updated to latest versions so that they no longer use the unmaintained webpki crate.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s)
• I ran cargo fmt as mentioned in CODING_GUIDELINES
• I used cargo clippy as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
257	0	5	257	100	44m27.385999999s

[codecov]

Codecov Report

Merging #2185 (3cf6498) into main (e8881a3) will decrease coverage by 0.8%.
Report is 9 commits behind head on main.
The diff coverage is 45.4%.

Additional details and impacted files

Files Changed	Coverage Δ
...s/common/certificate/src/parse_root_certificate.rs	67.1% <0.0%> (ø)
crates/common/download/src/download.rs	46.4% <0.0%> (-29.4%)	⬇️
crates/common/mqtt_channel/src/config.rs	49.1% <0.0%> (ø)
...ore/tedge/src/cli/connect/c8y_direct_connection.rs	0.0% <0.0%> (ø)
crates/core/tedge/src/cli/connect/command.rs	0.0% <0.0%> (ø)
crates/core/tedge/src/cli/connect/jwt_token.rs	49.4% <0.0%> (-1.9%)	⬇️
crates/core/tedge/src/cli/mqtt/publish.rs	40.7% <0.0%> (ø)
crates/core/tedge/src/cli/mqtt/subscribe.rs	0.0% <0.0%> (ø)
...rates/extensions/tedge_downloader_ext/src/tests.rs	0.0% <ø> (-93.8%)	⬇️
crates/common/certificate/src/lib.rs	87.4% <83.3%> (+6.6%)	⬆️

... and 9 files with indirect coverage changes

[didier-wenzek]

The code is correct.

Before merging, it might be good to double check with @reubenmiller the impacts on the release build.

[didier-wenzek]

Removing the feature tokio-rustls-native-certs might be a source of confusion as a certificate can be trusted by all the thin-edge component expect the remote access plugin (which depends on async-tungstenite for web-sockets). See #1678

[Bravo555]

Just confirmed that with this change, c8y-remote-access-plugin fails when accepting a connection from Cumulocity, with the following message in MQTT:

$ tedge mqtt sub "#"

...

c8y/s/us] 502,c8y_RemoteAccessConnect,"

Error:   × Connecting to Websocket
  ├─▶ URL error: TLS support not compiled in
  ╰─▶ TLS support not compiled in

"

A ticket was created to create an integration test to catch similar problems in the future: #2201

[Bravo555]

A fix was added in 0c356e3, and an issue to revert back into a regular dependency once a patched version is released was created #2202.

[didier-wenzek]

Just confirmed that with this change, c8y-remote-access-plugin fails when accepting a connection from Cumulocity, with the following message in MQTT

Thank you for going deeper. So even worse than we feared ;-)

[didier-wenzek]

Approved

[Bravo555]

There are 2 problems leading to the issue with CI test check:

• we're hitting github CI runner free space limit of 14GB
• some tests of download crate do not terminate if there is no sufficient disk space

[didier-wenzek]

There are 2 problems leading to the issue with CI test check:

* we're hitting [github CI runner free space limit of 14GB](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources)

* some tests of `download` crate do not terminate if there is no sufficient disk space

What I propose to move forward is simply to mark as ignored the tests that block when there is no sufficient disk space.

Also, create a ticket to fix the issue related to these blocking downloads. If the disk is full a download should not block and should even remove all half-downloaded stuff on such errors.

[Bravo555]

What I propose to move forward is simply to mark as ignored the tests that block when there is no sufficient disk space.

There's also the problem that some tests, as expected, fail if there is no disk space available.

[didier-wenzek]

Approving to #[ignore = "fails CI because of lack of disk space"]