Prefer system TLS cert store by default

[DragoonAethis]

This is a follow-up on #2362 where bundled root cert stores became the default.

In scenarios where uv is wrapped by another rool (like rye) or buried somewhere deep in layers of Makefiles, "just" adding a command-line flag might not be trivial to make things work again. This change affects both users behind corporate HTTPS inspection proxies and private registry clients, where the registry is not world-facing but rather available only on the intranet with an internal cert issuer.

While I understand this makes initial startup benchmarks look rather bad, it also makes uv a pain to use in corporate environments. Please reconsider the default behavior to respect the system root cert store again, or at least make this configurable from environment variables/configuration files.

[samypr100]

This is partially fixed by #2401 if you have a ca bundle file.

We can go a bit further and add another env var as a shothand to --native-tls.

This change would be in uv crate itself and not in uv-client crate.

[charliermarsh]

No problem, I'll add an environment variable for it.

While I understand this makes initial startup benchmarks look rather bad, it also makes uv a pain to use in corporate environments.

It's actually not even about benchmarks -- there's minimal overhead on Linux. But I use macOS and it makes uv ~50-100x slower on basic commands.

[DragoonAethis]

Thank you!