Add support for custom CA

[jsnjack]

This pull request exposes RootCAs transport option to a user and allows the user to set their own root certificate bundle.

Motivation:

• this should simplify work with services that use self-signed certificates. At the moment it is only possible if SSL certificate verification is skipped completely (insecureSkipVerify option)
• some of the web servers do not provide full certificate chain, which often results in "unknown certificate authority" error. Browsers normally request the missing certificates themselves, however go's http client doesn't. One workaround would be to generate your own certificate bundle which includes both root CAs and intermidiate CAs

Details: In this pr I made RootCAs a part of TransportOptions struct, which makes sense because it is a transport option. However, a similar insecureSkipVerify option is assigned as HttpClientOption. Should RootCAs be also assigned in a similar way as insecureSkipVerify? :thinking:

[bogdanfinn]

@jsnjack thank you for the PR.

Not sure if it is more the other way around that the insecureSkipVerify should be assigned to TransportOptions struct. I will think about that.

[jsnjack]

Thanks!