Support `extra_root_certificates` and `accept_invalid_certificates` when fetching/publishing

[brooksmtownsend]

Often with internal registries there are self-signed certificates in use that are interpreted as invalid. I would love to be able to either specify these flags to ignore invalid certs and supply additional certs to trust at least in the wasm-pkg-client library, and perhaps even with the wkg CLI as well.

If there's appetite for this to be contributed, I'm happy to add this feature

[brooksmtownsend]

Also, if there's some way to do this today and I'm just missing it, please let me know!

[lann]

You should be able to set the SSL_CERT_FILE env var (per the rustls-native-certs crate) to point at alternative root(s) but I haven't tried.

[tylerhjones]

I think you would need to update the registry to include the feature supporting the native tls. It looks like the defaults do not support the use of alt certs; https://github.com/bytecodealliance/registry/blob/main/crates/client/Cargo.toml#L13
So afaik, you need to update the stack all the way down so the features enabled will allow this