Add an option to disable CA certificate pinning

[cisco-dmytro-hissa]

Description

• Added disable_ca_pinning=False parameter to Client.__init__()
• Added validation that raises ValueError if both disable_ca_pinning=True and a custom ca_certs path are provided
• Added a new branch in _connect() that, when disable_ca_pinning is enabled, creates an http.client.HTTPSConnection with ssl.create_default_context() instead of using CertValidatingHTTPSConnection with the bundled CA bundle
• Added --disable-ca-pinning argument to the CLI main() entry point

How Has This Been Tested?

• TestDisableCaPinningInit — 7 tests verifying constructor behavior:
  • Default value is False and uses bundled CA certs
  • Can be set to True with default or None ca_certs
  • Raises ValueError when combined with a custom ca_certs path
  • Raises ValueError when combined with ca_certs='HTTP'
  • Raises ValueError when combined with ca_certs='DISABLE'
• TestDisableCaPinningConnect — 5 tests verifying connection behavior:
  • Default client uses CertValidatingHTTPSConnection (pinned)
  • Disabled pinning uses http.client.HTTPSConnection (not pinned)
  • Disabled pinning still has ssl.CERT_REQUIRED and check_hostname=True
  • Disabled pinning SSL context matches ssl.create_default_context() settings
  • Default client has CERT_REQUIRED on its custom SSL context

Types of Changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)