fix: upgrade reqwest from 0.12 to 0.13 and rename the rustls-tls feature to rustls

[Giorno-Giovana]

closes #1014

Motivation

vp install fails on macOS with a TLS error when trying to download the Node.js runtime from nodejs.org:

error: Failed to download Node.js runtime: Failed to download from
https://nodejs.org/dist/v22.18.0/SHASUMS256.txt: error sending request for url

The root cause is how reqwest 0.12 handles TLS certificate verification on non-Windows platforms. With the
rustls-tls feature, it uses webpki-roots — a hardcoded bundle of Mozilla root certificates compiled into the
binary. If the server's certificate chain involves a CA not present in that bundle (or the bundle is
outdated), TLS verification fails, even though the system's certificate store (macOS Keychain) trusts the
certificate.

reqwest 0.13 replaces the rustls-tls feature with rustls, which uses rustls-platform-verifier instead of
webpki-roots. This verifier delegates certificate validation to the OS-native certificate store
(Security.framework on macOS, SChannel on Windows), matching the behavior of curl and other system tools.

[netlify]

✅ Deploy Preview for viteplus-preview canceled.

Name	Link
🔨 Latest commit	fb3d428
🔍 Latest deploy log	https://app.netlify.com/projects/viteplus-preview/deploys/69c1079374f0480008151d95

[fengmk2]

@Giorno-Giovana why close?

[Giorno-Giovana]

@fengmk2 looks like duplicate dwhoban#1

[Giorno-Giovana]

But I think this could be merged anyway😁

[fengmk2]

@codex review

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[fengmk2]

thanks, I will release a test version to verify before I merge.

[fengmk2]

macOS build fails

[Giorno-Giovana]

The macOS build fails because reqwest 0.13 with the rustls feature pulls in aws-lc-rs as the default crypto
provider.

Fix: Switch from aws-lc-rs to ring as the crypto provider:

1. Changed reqwest feature from rustls to rustls-no-provider (avoids pulling in aws-lc-sys)
2. Added rustls as a workspace dependency with ring feature enabled
3. Added ensure_tls_provider() calls that install the ring crypto provider at runtime (using OnceLock for
   one-time initialization)

This completely removes aws-lc-sys from the dependency tree while keeping the same TLS behavior (platform
certificate verification via rustls-platform-verifier).