Improve handling of CA certificates (#518)

Instead of bundling Pkl's built-in CA certificates as a class path resource and loading them at runtime,
pass them to the native image compiler as the default SSL context's trust store.
This results in faster SSL initialization and is more consistent with how default certificates
are handled when running on the JVM.

Further related improvements:
- Remove HttpClientBuilder methods `addDefaultCliCertificates` and `addBuiltInCertificates`.
- Remove pkl-certs subproject and the optional dependencies on it.
- Move `PklCARoots.pem` to `pkl-cli/src/certs`.
- Fix certificate related error messages that were missing an argument.
- Prevent PklBugException if initialization of `CliBaseOptions.httpClient` fails.
- Add ability to set CA certificates as a byte array
- Add CA certificates option to message passing API

pkl-commons-test/src/main/kotlin/org/pkl/commons/test/FileTestUtils.kt

@@ -38,11 +38,6 @@ object FileTestUtils {
     // drop some lines in the middle
     return dir.resolve("invalidCerts.pem").writeLines(lines.take(5) + lines.takeLast(5))
   }
-
-  fun writePklBuiltInCertificates(dir: Path): Path {
-    val text = javaClass.getResource("/org/pkl/certs/PklCARoots.pem")!!.readText()
-    return dir.resolve("PklCARoots.pem").apply { writeText(text) }
-  }
 }
 
 fun Path.listFilesRecursively(): List<Path> =