feat: OBS-435 - diode-sdk-python: tls_verify + grpc client call interceptor

[mfiedorowicz]

• use OS root CAs for grpc secure channel and add configurable tls_verify
• intercept grpc calls to prefix original service method with path provided in the target, /diode.v1.IngesterService/Ingest -> /2932546d/diode/diode.v1.IngesterService/Ingest
• add metadata about platform and python version, i.e.

platform = macOS-14.4.1-arm64-arm-64bit
python-version = 3.10.13

Usage of SDK:

DiodeClient(
        target="localhost:80/xyz/diode/",
        app_name="pusher",
        app_version="0.0.1",
        tls_verify=False,
) 

nginx logs:

2024/05/09 19:35:06 [notice] 28#28: *6 "/xyz/diode/(.*)" matches "/xyz/diode/diode.v1.IngesterService/Ingest", client: 192.168.65.1, server: localhost, request: "POST /xyz/diode/diode.v1.IngesterService/Ingest HTTP/2.0", host: "localhost:80"
2024/05/09 19:35:06 [notice] 28#28: *6 rewritten data: "/diode.v1.IngesterService/Ingest", args: "", client: 192.168.65.1, server: localhost, request: "POST /xyz/diode/diode.v1.IngesterService/Ingest HTTP/2.0", host: "localhost:80"
192.168.65.1 - - [09/May/2024:19:35:06 +0000] "POST /xyz/diode/diode.v1.IngesterService/Ingest HTTP/2.0" 200 5 "-" "grpc-python/1.62.1 grpc-c/39.0.0 (osx; chttp2)" "-"

[linear]

OBS-435 SDK (python + go) to use system certs for server TLS verification

gRPC client libraries require certificates for diode server TLS verification, regardless of setting insecure connection explicitly 🤷‍♂️

Both python and go diode SDKs should load system available certificates:

• python to use certifi package with certifi.where()

Certifi provides Mozilla’s carefully curated collection of Root Certificates for validating the 
trustworthiness of SSL certificates while verifying the identity of TLS hosts. 
It has been extracted from the Requests project.

• go to use x509.SystemCertPool()