harvard-lil / perma

Indelible links

Replace CA bundle #3508

Closed bensteinberg closed 5 months ago

bensteinberg commented 5 months ago

This is preparation for updating the certificate authority on some RDS instances. The change in a given deployment, once this lands, will be changing e.g.

```python
DATABASES['default']['OPTIONS'] = {'sslmode': 'verify-full', 'sslrootcert': '/usr/local/share/perma/services/aws/rds-combined-ca-bundle.pem'}
```

to

```python
DATABASES['default']['OPTIONS'] = {'sslmode': 'verify-full', 'sslrootcert': '/usr/local/share/perma/services/aws/global-bundle.pem'}
```

This will be fine both with the existing CA:

> The bundle contains both the rds-ca-2019 intermediate and root certificates.

and once the CA on the instance is updated:

> The bundle also contains the rds-ca-rsa2048-g1, rds-ca-rsa4096-g1, and rds-ca-ecc384-g1 root CA certificates.

See also https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html#UsingWithRDS.SSL-certificate-rotation-updating
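A pre-deploy check for the swap described above, as an added example that is not part of this PR or of Perma's code: it confirms that every CA certificate relied on today is still present in the replacement bundle before `sslrootcert` is repointed, so `verify-full` keeps succeeding across the rotation. The function names and the placeholder PEM blocks are assumptions constructed for illustration; in practice the inputs are the contents of the real `.pem` files.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Map SHA-256(DER) -> 1-based position for each certificate in a PEM bundle."""
    found = {}
    for pos, body in enumerate(PEM_BLOCK.findall(pem_text), start=1):
        # Strip line breaks, then decode strictly so a damaged block raises.
        der = base64.b64decode("".join(body.split()), validate=True)
        found.setdefault(hashlib.sha256(der).hexdigest(), pos)
    return found


def missing_from_bundle(required_pem, bundle_pem):
    """Fingerprints of required CA certs that the candidate bundle lacks.

    An empty list means every CA relied on today is still a trust anchor
    once sslrootcert points at the candidate bundle.
    """
    have = fingerprints(bundle_pem)
    return [fp for fp in fingerprints(required_pem) if fp not in have]


def _placeholder_pem(label):
    # Constructed stand-in: NOT a real certificate, only bytes in PEM armor
    # so the example runs offline.
    body = base64.encodebytes(label.encode() * 8).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed inputs, labelled after the CAs quoted in the PR description.
OLD_CA = (_placeholder_pem("rds-ca-2019 root")
          + _placeholder_pem("rds-ca-2019 intermediate"))
NEW_BUNDLE = OLD_CA + "".join(
    _placeholder_pem(name)
    for name in ("rds-ca-rsa2048-g1", "rds-ca-rsa4096-g1", "rds-ca-ecc384-g1"))
NEW_ONLY = _placeholder_pem("rds-ca-rsa2048-g1")  # bundle lacking the old CA

if __name__ == "__main__":
    print("missing from full bundle:", missing_from_bundle(OLD_CA, NEW_BUNDLE))
    print("missing from new-only bundle:",
          len(missing_from_bundle(OLD_CA, NEW_ONLY)))
```

A non-empty result means the swap would drop a trust anchor that is still in use, and connections made with `verify-full` would fail until the instance's CA is updated.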

codecov[bot] commented 5 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 70.11%. Comparing base (d32d3bd) to head (cc41dea). Report is 10 commits behind head on develop.

Additional details and impacted files

```diff
@@             Coverage Diff             @@
##           develop    #3508      +/-   ##
===========================================
- Coverage    70.27%   70.11%   -0.16%
===========================================
  Files           48       48
  Lines         6627     6642      +15
===========================================
  Hits          4657     4657
- Misses        1970     1985      +15
```
