fix(cli,core): trust OS CA roots for self-signed servers (#287)

[DerDennisOP]

Closes #287.

Summary

• gradient login failed with transport error: error sending request against self-hosted instances with a self-signed CA, even when the CA was installed in the system trust store and curl worked. The CLI's rustls config only trusted webpki-roots, so the TLS handshake aborted before any HTTP traffic left the process — which is why nothing showed up in the reverse-proxy logs either.
• Load rustls-native-certs alongside webpki-roots in both the CLI (cli/connector/src/lib.rs) and the server-side HTTP client (backend/core/src/http.rs). Native cert loading degrades silently so Nix-sandbox / minimal-container builds without /etc/ssl/certs keep working.
• Refactored the root store into a separate helper (rustls_root_store) so the change is testable and added a regression test asserting the baseline is present.

Test plan

• cargo check on the CLI workspace and backend/core
• cargo clippy --all-targets -- -D warnings on connector (incl. tests) and core
• CI: full test suite, including the new root_store_contains_webpki_baseline test in backend/core/src/http.rs
• Manual: gradient login against a self-hosted instance with a self-signed CA installed in the OS trust store should succeed without transport error

[DerDennisOP]

/gradient run checks.x86_64-linux.gradient-cache

[DerDennisOP]

/gradient run checks.x86_64-linux.gradient-cache

[DerDennisOP]

/gradient run checks.x86_64-linux.gradient-cache