Consider a process default server certificate verifier

[djc]

Checklist

• I've searched the issue tracker for similar requests

Is your feature request related to a problem? Please describe.

There is currently a proliferation of Cargo features in downstream libraries to determine the set of trusted roots using webpki-roots and rustls-native-certs. We've recently also added the rustls-platform-verifier option, which will probably make this worse (before it potentially eventually makes things better?).

Describe the solution you'd like

Given that we now have the process default method for crypto providers, perhaps it could make sense to do something similar for the server certificate verifier? It seems likely to me that processes would like to use the same server certificate verification across all uses of rustls clients.

[joshtriplett]

I'd love to see this happen, so that people can set policy in one place, and not continuously chase down random crates that have their own (varying) policies.

I've spent a lot of time sending PRs to projects that hardcode the use of rustls-native-certs, trying to add Cargo features and code branches. :)