Allow CA root certificate used by HTTP client to be configured
Antora uses an HTTP client (got) to download the UI bundle from a remote URL. However, in certain environments, the default settings are not sufficient. One of these cases is when the remote server is using a self-signed certificate. Even if the certificate is registered on the local machine (such as in a Docker container), got will not pick it up and thus the connection to the server will be rejected. As a result, Antora cannot download the UI bundle.
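A quick workaround is to tell Node not to reject connections whose certificate cannot be verified by setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to 0 when calling Antora. This turns off certificate verification for every TLS connection the process makes, not just the UI bundle download: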
NODE_TLS_REJECT_UNAUTHORIZED=0 antora antora-playbook.yml
Another workaround is to pass extra CA certificates to Node using the NODE_EXTRA_CA_CERTS environment variable. The file must contain one or more certificates that match the certificates returned by the server.
NODE_EXTRA_CA_CERTS=/path/to/ca.cert antora antora-playbook.yml
A more long-term solution is to allow the CA root certificate file to be configured so the HTTP client can load it (which configures got's ca option). For example:
got:
  ca:
    path: /etc/ssl/certs/ca-certificates.crt
We might also consider allowing the rejection of unauthorized requests to be configured (which configures got's rejectUnauthorized option):
got:
  reject_unauthorized: false
(Since this behavior is specific to the UI, we could also consider adding these keys under the ui category.)
This leaves room for other options as the need arises.