[grpc_clients] fix gRPC client on native
Summary:
The gRPC client needs a set of root certificates for the TLS handshake. When running the keyserver (both inside a Docker container and not) or simulator, the client is able to locate the root certificates at one of the paths we had enumerated. However, on physical iOS and Android devices, the certificates have to be bundled with the app.
The tls-webpki-roots feature adds Mozilla's root certificates to our rustls-based gRPC client, so we don't have to rely on platform certs.
Test Plan:
This branch contains @kamil's code from D10327. I used that code (and verifyUserLoggedIn on keyserver) to test that the shared gRPC client could talk to staging AND local identity services (https and http) from:
- local keyserver (non-Docker)
- local keyserver (Docker)
- iOS simulator
- Android emulator
- Physical iPhone
- Physical Pixel 3
Reviewers: bartek, kamil, ashoat
Reviewed By: bartek
Subscribers: tomek, kamil
Differential Revision: https://phab.comm.dev/D10343