Add support for ca_certs in [[tool.pdm.source]] tables #2735

Closed
AvlWx2014 opened this issue Mar 28, 2024 · 1 comment · Fixed by #2754
Labels
⭐ enhancement Improvements for existing features

Comments

@AvlWx2014
Contributor

AvlWx2014 commented Mar 28, 2024

Is your feature/enhancement proposal related to a problem? Please describe.

In my project's pyproject.toml I have the following source configuration:

[tool.pdm.resolution]
respect-source-order = true

[[tool.pdm.source]]
name = "nexus"
url = "private"
verify_ssl = true
ca_certs = "/etc/pki/tls/certs/ca-bundle.crt"  # my system CA bundle

[[tool.pdm.source]]
url = "https://pypi.org/simple/"
verify_ssl = true
name = "pypi"

After PDM 2.13.0 was released my container image builds stopped working, raising

[ConnectError]: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

when trying to reach pypi.org to install packages. This issue would disappear when I rolled back to PDM 2.12.4.

I discovered after reading the release notes for 2.13.0 that the project has switched from requests to httpx for the HTTP library of choice. This is significant because httpx does not respect the REQUESTS_CA_BUNDLE environment variable, which, as it turns out, was the only reason my container builds were working in the first place as there is no support in PDM for ca_certs in [[tool.pdm.source]] tables.

Describe the solution you'd like

Add support for the field ca_certs in [[tool.pdm.source]] table entries to customize the CA certs used for SSL verification on a per-source basis.

This behavior would be consistent with the existing pdm config pypi.<source>.ca_certs mechanism to specify CA certs per source, as well as the ca_certs field in [repository] tables used to specify CA certs on a per-repository basis for publishing.

An alternative (or complementary?) option could be to enable or enhance configuration file validation against a schema such that unexpected fields would emit a warning or raise an exception, preventing no-op fields like I have here from going unnoticed.

@AvlWx2014 AvlWx2014 added the ⭐ enhancement Improvements for existing features label Mar 28, 2024
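
The schema check suggested as an alternative in the issue above, written out as an added example (not code from PDM or from either participant). It reports keys in [[tool.pdm.source]] tables that fall outside a recognised set; the function name and the contents of that set are assumptions, limited here to the keys the issue itself uses without complaint.

```python
# Added example: flag keys in [[tool.pdm.source]] tables that are not in an
# assumed set of recognised keys, so a silent no-op field is reported.
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib

# ASSUMPTION: only the keys used in the issue's configuration are treated as
# recognised here. Extend this set from the PDM documentation for your version.
KNOWN_SOURCE_KEYS = frozenset({"name", "url", "verify_ssl"})

# Constructed sample mirroring the configuration quoted in the issue.
SAMPLE_PYPROJECT = """
[tool.pdm.resolution]
respect-source-order = true

[[tool.pdm.source]]
name = "nexus"
url = "private"
verify_ssl = true
ca_certs = "/etc/pki/tls/certs/ca-bundle.crt"

[[tool.pdm.source]]
url = "https://pypi.org/simple/"
verify_ssl = true
name = "pypi"
"""


def find_unknown_source_keys(pyproject_text, known=KNOWN_SOURCE_KEYS):
    """Return (source_label, key) pairs for keys outside `known`."""
    data = tomllib.loads(pyproject_text)
    sources = data.get("tool", {}).get("pdm", {}).get("source", [])
    if not isinstance(sources, list) or not all(isinstance(s, dict) for s in sources):
        raise ValueError("[[tool.pdm.source]] must be an array of tables")
    findings = []
    for index, source in enumerate(sources):
        label = source.get("name", f"#{index}")  # fall back to position if unnamed
        for key in sorted(set(source) - known):
            findings.append((label, key))
    return findings


if __name__ == "__main__":
    import sys
    findings = find_unknown_source_keys(SAMPLE_PYPROJECT)
    for label, key in findings:
        print(f"warning: source {label!r}: unrecognised key {key!r}", file=sys.stderr)
    sys.exit(1 if findings else 0)  # non-zero exit fails a CI or image-build step
```

Run as a pre-build step, a check like this turns a TLS trust setting that is silently ignored into a visible failure before any package download happens.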
@frostming
Collaborator

ca_cert is a config shared by all sources, so just set it in the pypi.ca_certs config

@frostming frostming linked a pull request Apr 1, 2024 that will close this issue