netboxlabs / diode

Diode data ingestion for NetBox, from NetBox Labs
https://netboxlabs.com

feat: OBS-435 - diode-sdk-python: tls_verify + grpc client call interceptor #75

Closed mfiedorowicz closed 6 months ago

mfiedorowicz commented 6 months ago

Usage of SDK:

```python
DiodeClient(
    target="localhost:80/xyz/diode/",
    app_name="pusher",
    app_version="0.0.1",
    tls_verify=False,
)
```

nginx logs:

```
2024/05/09 19:35:06 [notice] 28#28: *6 "/xyz/diode/(.*)" matches "/xyz/diode/diode.v1.IngesterService/Ingest", client: 192.168.65.1, server: localhost, request: "POST /xyz/diode/diode.v1.IngesterService/Ingest HTTP/2.0", host: "localhost:80"
2024/05/09 19:35:06 [notice] 28#28: *6 rewritten data: "/diode.v1.IngesterService/Ingest", args: "", client: 192.168.65.1, server: localhost, request: "POST /xyz/diode/diode.v1.IngesterService/Ingest HTTP/2.0", host: "localhost:80"
192.168.65.1 - - [09/May/2024:19:35:06 +0000] "POST /xyz/diode/diode.v1.IngesterService/Ingest HTTP/2.0" 200 5 "-" "grpc-python/1.62.1 grpc-c/39.0.0 (osx; chttp2)" "-"
```

linear[bot] commented 6 months ago
OBS-435 SDK (python + go) to use system certs for server TLS verification

gRPC client libraries require certificates for diode server TLS verification, regardless of setting insecure connection explicitly 🤷‍♂️

Both python and go diode SDKs should load system available certificates:

* python to use `certifi` package with `certifi.where()`

  ```
  Certifi provides Mozilla’s carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project.
  ```

* go to use `x509.SystemCertPool()`
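
The following is an added example, not code from this PR or the diode SDK. It shows how a `tls_verify` switch, certifi-backed root certificates and a path-prefixing client interceptor can combine in a Python gRPC client to produce the request path seen in the nginx logs above. The names `parse_target`, `prefixed_method` and `build_channel` are hypothetical, and mapping `tls_verify=False` to a plaintext channel is an assumption.

```python
import collections
from urllib.parse import urlsplit


def parse_target(target):
    """Split 'host:port/sub/path/' into (authority, prefix without trailing '/')."""
    parts = urlsplit(target if "://" in target else "//" + target)
    return parts.netloc, parts.path.rstrip("/")


def prefixed_method(prefix, method):
    """Full HTTP/2 :path the reverse proxy sees for a gRPC method."""
    return prefix + method


def build_channel(target, tls_verify=True):
    """Hypothetical helper, not the SDK's API."""
    # Imported here so the helpers above work without grpcio/certifi installed.
    import certifi
    import grpc

    authority, prefix = parse_target(target)
    if tls_verify:
        # Verify the server certificate against certifi's Mozilla root bundle.
        with open(certifi.where(), "rb") as fh:
            creds = grpc.ssl_channel_credentials(root_certificates=fh.read())
        channel = grpc.secure_channel(authority, creds)
    else:
        # Assumption: tls_verify=False selects a plaintext channel, so the
        # connection is neither encrypted nor authenticated.
        channel = grpc.insecure_channel(authority)
    if not prefix:
        return channel

    fields = "method timeout metadata credentials wait_for_ready compression"

    class Details(collections.namedtuple("Details", fields), grpc.ClientCallDetails):
        pass

    class PathInterceptor(grpc.UnaryUnaryClientInterceptor):
        def intercept_unary_unary(self, continuation, details, request):
            # Rewrite only the method; carry every other call detail through.
            values = [getattr(details, f, None) for f in fields.split()]
            values[0] = prefixed_method(prefix, details.method)
            return continuation(Details(*values), request)

    return grpc.intercept_channel(channel, PathInterceptor())
```

Only `build_channel` needs `grpcio` and `certifi`; the two path helpers use the standard library alone.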